Development Process
The Statseeker Development Team considers product security a key factor in all development processes. In addition, our own in-house security team ensures that the company is kept up to date with the latest known security vulnerabilities affecting the IT industry. They work with our development team to determine how these issues could potentially impact Statseeker and the industries that we support.
Development Environment
No element of our development environment is accessible from external networks, including our build and packaging systems.
Package Distribution and Product Updates
Access to our binaries is only available through our Sales and Support teams, and we offer checksum verification for all of our distributed packages. Statseeker does not check for available updates or attempt to automatically apply updates. Once installed, all changes or updates to a Statseeker installation must be initiated by an authorized user account on the customer’s side.
Statseeker encourages the use of a data and configuration backup location outside of the Statseeker server. To support this, the product offers configuration options which enforce encryption of all traffic between the server and the specified backup repositories.
Platform Security
Statseeker employs FreeBSD as the underlying operating system for the product. FreeBSD, widely considered one of the most secure operating systems available, is a hardened Unix system with its own security team overseeing all software shipped in the base distribution.
By default, FreeBSD does not allow root-level SSH access, meaning that multiple sets of credentials would need to be compromised prior to unauthorized root-level access to the Statseeker server being achieved.
For details on default-enabled services (and their respective ports), as well as which are required and which can be disabled, please contact Statseeker Technical Support.
Product Security
The Statseeker server does not need external web access, but the web UI will attempt to communicate with external resources in a few instances, all of which can be circumvented. In these instances, the communication is between the user’s browser and the external resource; the Statseeker server does not initiate or receive external resource communications.
A default installation will attempt a once-only ‘phone home’ to confirm licensing details in the final stages of the installation process; this step can be blocked if needed. A manually entered licensing code can be obtained from Statseeker on demand, removing the need for the Statseeker server to have any communication outside of your network.
The two other elements of the product that rely on external web access to function are:
- In-product links to the Statseeker Support ticketing system, and the Help documentation resource
- The dynamic background used by the dashboard Worldmap panel – this requirement can instead be directed to a local map server with the application of a Statseeker SCS package
All communication to and from the Statseeker server, via the web UI, is encrypted and system administration users are provided with tools to manage this encryption service to suit their requirements. The Statseeker web UI also removes the requirement for either physical or SSH access to the Statseeker server itself for all but a dedicated server administration account. This feature very effectively restricts the ability of users to modify the system to affect any unauthorized outcome.
User Access
User access to the Statseeker product can be managed via secure LDAP or RADIUS centralized authentication services as needed.
Statseeker employs user roles and permissions settings to manage in-product access. These systems can be employed to restrict the ability for a user account to access specific datasets, as well as various levels of system or administrative functionality.