Forums & Knowledge Base/How to use Soluto?/Frequently Asked Questions

How secure is Soluto?

Maya Shoval
posted this on December 13, 2011, 2:56 AM

  • Soluto’s web servers are encrypted via an SSL certificate. SSL (or Secure Sockets Layer) is a cryptographic protocol that provides communication security over the internet, message encryption and integrity so that communication between Soluto’s software and servers will be protected from eavesdropping and other malicious attacks.
    SSL also provides authentication in the form of server certificates using the latest cryptographic algorithms.
    Soluto’s website identity is verified by VeriSign Class 3 International Server CA-G3 certificate.
     
  • Passwords are stored according to the highest accepted security standards – The only password token stored is a secure hash, produced with a salt value and multiple passes. Soluto never stores passwords as plaintext, as tokens encrypted with reversible encryption, or as simple hashes.
     
  • User Protection: Soluto is 100% safe and secure. Only you, and someone you allow to provide you with help, can take pre-approved actions within Soluto or remote access your PC. If someone else helps you with your PC using Soluto, you can always end the relationship at any time, and they will not have access to your devices anymore. 
 
 

Comments

User photo
Nick

Thanks, I shall refer people to this if they are cautious about this kind of software. 

December 24, 2011, 10:49 PM
User photo
Paul

Can you please expand on "SSL". Is it SSL? TLS 1.0? TLS 1.1? TLS 1.2? For those of us working in security it makes a difference. What info is kept on core servers? How is it protected? Is it on a cloud provider (EC2) or stand alone services? Is there an air gap?

January 21, 2012, 9:22 AM
User photo
Shawn Eght

Paul its TLS 1.0

January 29, 2012, 6:37 PM
User photo
Andrew

What about the data that is traveling to your server is that secure? I've been thinking about deleting soluto because thinking about it now it does have a lot of control over my pc and if that gets highjacked.....please tell me a lot more about the entire process

February 9, 2012, 7:40 PM
User photo
Wade

Its good to know that no sensitive data is collected on clients workstation or that their personal info cannot be accessed. SO does the "agent" that the client uses instructs to collect system stats via Windows API with your engine....? 

Is it possible to elaborate on the situations above:

1. local workstation to server communication encrypted

2. implications of local or client workstation Soluto software being "hijacked" in any way (even due to system infection)

February 29, 2012, 10:14 AM
User photo
Pand Rien

No system is 100 % Secure. It would be naive to think otherwise. It's not so naive to say that you are 100% Secure to reassure your customers.

Also what measures have you taken to prevent Social engineering attacks?

March 2, 2012, 12:08 PM
User photo
Daniel Barry Jones

I hope it is under the data protection act .. http://www.legislation.gov.uk/ukpga/1998/29/contents

September 1, 2012, 2:58 PM
User photo
Jim Jones

Two factor authentication?

March 12, 2014, 4:05 PM
User photo
IT Xpress

Two factor auth would be a major win. With over 100 clients supported by Soluto, I would feel more secure knowing my main account required my phone (SMS or timecode/Google Authenticator)

March 14, 2014, 1:25 AM
User photo
Jim Jones
Duo Mobile's push tfa is really nice! Much easier than typing the code every time.
March 14, 2014, 12:11 PM