Today we’d like to tell you what measures TeamLab takes to protect your portal data and give some recommendations on how to secure your data as effectively as possible.
What makes TeamLab secure and safe
We prevent such threats as authentication cookie thefts via cross-site scripting, SQL injections, Cross-Site Request Forgery and other types of security dangers for your personal data and the whole portal content by:
keeping the Personal Information that a user submits on a private server not accessible from the Internet. This limits the possibility of any malicious use of your Personal Information;
assigning authentication cookies with HttpOnly attributes and binding them to the portal user’s IP address to prevent any cookie theft;
having conducted a series of independent tests, aimed at detection of probable vulnerabilities to make sure that TeamLab portals meet the most up-to-date security requirements and are resistant against possible hacker attacks;
allowing only the user to change his/her own password, by means of a special link sent to the registered email. TeamLab neither sends passwords by email nor gives the administrator the corresponding rights;
providing backup permissions only to the portal owner to avoid any possible private data leaks.
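
An added illustration of the cookie measure listed above (HttpOnly plus binding to the user's IP address). This is not TeamLab's code: the key, the cookie name `auth`, the session lifetime, the token layout and the Secure/SameSite attributes are assumptions made for the example.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: secret held only on the server
SESSION_TTL = 3600                    # assumption: one-hour session, in seconds


def _sign(user_id: str, client_ip: str, expires: int) -> str:
    # The client IP goes into the MAC input but is never stored in the cookie,
    # so a stolen cookie fails verification when replayed from another address.
    msg = f"{user_id}|{client_ip}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_session_cookie(user_id: str, client_ip: str, now: Optional[float] = None) -> str:
    """Return the Set-Cookie header value for a freshly authenticated user."""
    expires = int(now if now is not None else time.time()) + SESSION_TTL
    token = f"{user_id}.{expires}.{_sign(user_id, client_ip, expires)}"
    cookie = SimpleCookie()
    cookie["auth"] = token
    cookie["auth"]["httponly"] = True   # hidden from page scripts (limits XSS theft)
    cookie["auth"]["secure"] = True     # sent over HTTPS only
    cookie["auth"]["samesite"] = "Lax"  # not attached to cross-site POSTs (CSRF)
    cookie["auth"]["path"] = "/"
    return cookie["auth"].OutputString()


def verify_session_cookie(token: str, client_ip: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is valid for this client IP, else None."""
    try:
        user_id, expires_s, mac = token.rsplit(".", 2)
        expires = int(expires_s)
    except ValueError:
        return None  # malformed token
    if expires < (now if now is not None else time.time()):
        return None  # expired
    expected = _sign(user_id, client_ip, expires)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII garbage.
    return user_id if hmac.compare_digest(mac.encode(), expected.encode()) else None
```

With IP binding, a user whose address changes mid-session (for example on a mobile network) fails verification and has to sign in again.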
SSL. Banking Security Connection for Your Data
By allowing portal access only over HTTP with SSL (Secure Sockets Layer) encryption, we prevent man-in-the-middle attacks. This makes it impossible for any third party to interfere with the session and obtain any private information.
Amazon Stability and Backup
TeamLab portals are hosted on Amazon Web Services (AWS), which is no doubt one of the most well-established cloud computing platforms today, providing a 99,99999% stability guarantee. Apart from automatic data backup, you can create an offline archive and back up your portal manually at any time. Just go to the Settings and choose the “Perform Backup” option or follow these instructions. The BAK file can be downloaded directly to your computer.
Recommendation to the Portal Administrators
If you are a portal administrator, we recommend that you configure all the Portal Settings in a way that fully complies with your security requirements. Pay special attention to the following parameters:
Trusted Mail Domain Settings. They allow you to specify the mail servers that can be used for user self-registration in TeamLab. By default, these settings are disabled. The Custom domains option allows you to specify mail servers that you trust, for example, your corporate domain.
So, if your portal contains very important private or corporate information, make sure that Trusted Mail Domain Settings are disabled and use only the invitation link to add people to your portal. You can include the link in an email and send it to people outside your portal so that they can join it. The link is valid for 3 days.
Password Strength Settings. Use them to set the password strength needed to resist guessing and brute-force attacks. Use the Minimal Password Length bar to determine how long a password must be to be considered strong. Check the appropriate boxes below the bar to determine the character set that must be used in the password.
Things to take into account while uploading files to the portal
images added to blogs, events, project discussions and comments can be accessed by a direct link without any authentication;
direct links to attachments in forums, wiki files and images in the Photos section are temporary and remain valid for unauthorized access for only 15 minutes after publication on the portal;
links to the files stored in the Projects, Documents and CRM modules are available only for authorized use and only to users who have the corresponding rights.
You can also read more tips on access rights management in our post here.