Lucas Habersaat edited this page Aug 3, 2020 · 11 revisions

What Cryptopus does to improve Security

To ensure Security, which is the most important quality for Cryptopus, many methods and techniques are employed on different layers to maximize the protection of your data.

Rails Security Mechanisms

Rails itself offers many security measures. (Security of Ruby On Rails)

  • Roles: An internal policy system manages the access rights of the different user roles, such as admins/config-admins and normal users.
  • Session Fixation Reset: After 5 minutes the user is automatically logged out and the session is destroyed.
  • CSRF Protection: Cross-Site Request Forgery attacks are averted by using unique tokens.
  • Session Storage is used instead of LocalStorage.
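The two session-related points above (a session that is destroyed after 5 minutes, and a fresh session identifier on login so a pre-set cookie cannot be reused) are easy to get wrong, so here is a plain-Ruby model of them. This is an added example, not Cryptopus code and not Rails' own session store; the 5-minute limit is the figure from the list, and it is applied here as an absolute session age, which is an assumption.

```ruby
require "securerandom"

# Added example (not Cryptopus or Rails code): a minimal session guard that
# models two of the listed mechanisms in plain Ruby.
#   * the session is destroyed once it is older than 5 minutes
#   * the session identifier is regenerated on login (fixation defence)
SESSION_TTL = 5 * 60 # seconds; the 5 minutes named on the page

class SessionGuard
  attr_reader :session

  def initialize
    @session = {}
  end

  # Called after a successful credential check. The session id the client
  # arrived with is discarded, so an attacker-chosen id never becomes an
  # authenticated session.
  def login(user_id, now: Time.now)
    @session = {
      id: SecureRandom.hex(16),
      user_id: user_id,
      started_at: now
    }
  end

  # Returns the user id while the session is still valid, nil otherwise.
  # An expired session is cleared outright rather than left lying around.
  def current_user(now: Time.now)
    return nil if @session.empty?
    if now - @session[:started_at] > SESSION_TTL
      @session = {}
      return nil
    end
    @session[:user_id]
  end
end
```

The guard deliberately clears the whole session on expiry instead of only dropping the user id, so nothing stored alongside the login (CSRF token, flash data) survives past the logout.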

Country Filter

Cryptopus offers the possibility to white-list countries by IP addresses and block access from other sources.

Root Access

Root login is only possible from a local IP. Root can't log in on the normal login route. The root login route is /session/local.
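The country filter and the local-only root route are both decisions taken on the source address of a request. The following added example (not Cryptopus code) shows the two checks side by side in plain Ruby. The GeoIP lookup table is constructed from documentation address ranges, the country codes attached to them are invented for the example, and the set of networks treated as "local" (loopback plus the RFC 1918 ranges) is an assumption about what a deployment would consider local.

```ruby
require "ipaddr"

# Added example (not Cryptopus code). Constructed lookup table standing in for
# a real GeoIP database: [network, ISO country code]. The ranges are the
# TEST-NET blocks reserved for documentation; the country labels are invented.
GEOIP_TABLE = [
  [IPAddr.new("203.0.113.0/24"),  "CH"],
  [IPAddr.new("198.51.100.0/24"), "DE"],
  [IPAddr.new("192.0.2.0/24"),    "US"]
].freeze

# Networks from which the root login route is accepted. Loopback plus the
# RFC 1918 ranges is an assumption; adjust to what "local" means for you.
LOCAL_NETWORKS = %w[127.0.0.0/8 ::1/128 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
  .map { |cidr| IPAddr.new(cidr) }.freeze

ROOT_LOGIN_PATH = "/session/local" # the root route named on the page

def country_for(ip)
  addr = IPAddr.new(ip)
  match = GEOIP_TABLE.find { |net, _code| net.include?(addr) }
  match && match.last
end

# Country white-list: only requests whose source maps to an allowed country
# pass. An address the lookup cannot place is denied (fail closed).
def country_allowed?(ip, allowed_countries)
  country = country_for(ip)
  !country.nil? && allowed_countries.include?(country)
end

def local_ip?(ip)
  addr = IPAddr.new(ip)
  LOCAL_NETWORKS.any? { |net| net.include?(addr) }
end

# Decide whether a login request may proceed. Root may only use the local
# route, and only from a local address; other users go through the country
# filter. Returns a symbol naming the outcome so the caller can log it.
def access_decision(ip:, path:, user:, allowed_countries:)
  if user == "root"
    return :denied_wrong_route unless path == ROOT_LOGIN_PATH
    return :denied_not_local unless local_ip?(ip)
    return :allowed
  end
  country_allowed?(ip, allowed_countries) ? :allowed : :denied_country
end
```

Note that both checks are only as trustworthy as the address they see: behind a reverse proxy the application must take the client address from a header the proxy is known to set, never from an arbitrary X-Forwarded-For value.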

Anti-Brute Force

Cryptopus notices and locks an account on which someone attempts to log in by brute-forcing the password. The lock time increases exponentially with the number of failed login attempts, and the account can be unlocked by an admin.
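To make the "exponentially increasing lock time" concrete, here is an added example of such a lockout in plain Ruby. It is not Cryptopus code; the number of free attempts before the first lock, the 30-second base lock, and the 24-hour cap are assumptions chosen for the example. The credential check itself is left to the caller so that the lock logic stays independent of how passwords are stored.

```ruby
# Added example (not Cryptopus code): per-account lockout whose lock time
# doubles with every further failed attempt, plus an admin unlock.
class LoginLock
  FREE_ATTEMPTS = 3          # failures tolerated before the first lock (assumed)
  BASE_LOCK     = 30         # seconds for the first lock (assumed)
  MAX_LOCK      = 24 * 60 * 60 # cap so the exponent cannot run away (assumed)

  attr_reader :failed, :locked_until

  def initialize
    @failed = 0          # survives lock expiry, so repeated runs keep doubling
    @locked_until = nil
  end

  def locked?(now)
    !@locked_until.nil? && now < @locked_until
  end

  # Lock time after the n-th consecutive failure: 0 for the free attempts,
  # then BASE_LOCK, 2*BASE_LOCK, 4*BASE_LOCK, ... up to MAX_LOCK.
  def lock_duration(failed)
    excess = failed - FREE_ATTEMPTS
    return 0 if excess <= 0
    [BASE_LOCK * 2**(excess - 1), MAX_LOCK].min
  end

  # credentials_ok is the outcome of the real password check. Returns
  # :ok, :wrong_password or :locked. While locked, even a correct password
  # is rejected; otherwise the lock could be bypassed by simply guessing on.
  def login(credentials_ok, now:)
    return :locked if locked?(now)
    if credentials_ok
      reset
      return :ok
    end
    @failed += 1
    duration = lock_duration(@failed)
    return :wrong_password if duration.zero?
    @locked_until = now + duration
    :locked
  end

  # Administrative unlock: clears the lock and the failure counter.
  def admin_unlock
    reset
  end

  private

  def reset
    @failed = 0
    @locked_until = nil
  end
end
```

In a real deployment the counter and lock timestamp live in the user record (or a shared store) rather than in memory, so that the lock holds across application instances and restarts.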

Web Security

  • Content Security Policy detects and mitigates certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. CSP can restrict the sources of included content to trusted sites.

  • HTTPS is always enforced.

  • Escaping and Sanitizing of input is used to prevent injection attacks.
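A Content Security Policy only helps if the directives do not quietly re-open what it is meant to close. The following added example (not Cryptopus code, and not Rails' own content_security_policy DSL) builds the header value from a policy hash and flags the usual self-defeating settings, showing a weak policy next to a strict one. Both policies are constructed for the example.

```ruby
# Added example (not Cryptopus code): serialise a CSP policy hash into the
# header value and check it for directives that undo the XSS protection.

# Constructed examples of a weak and a strict policy.
WEAK_POLICY = {
  "default-src" => ["*"],
  "script-src"  => ["'self'", "'unsafe-inline'"]
}.freeze

STRICT_POLICY = {
  "default-src"     => ["'self'"],
  "script-src"      => ["'self'"],
  "object-src"      => ["'none'"],
  "frame-ancestors" => ["'none'"]
}.freeze

# Header value in the form "directive source source; directive source".
def csp_header(policy)
  policy.map { |directive, sources| "#{directive} #{sources.join(' ')}" }.join("; ")
end

# Returns a list of human-readable findings; an empty list means none of the
# checked weaknesses is present.
def csp_weaknesses(policy)
  issues = []
  %w[script-src default-src].each do |directive|
    sources = policy[directive]
    next unless sources
    issues << "#{directive} allows inline scripts" if sources.include?("'unsafe-inline'")
    issues << "#{directive} allows eval" if sources.include?("'unsafe-eval'")
    issues << "#{directive} allows any origin" if sources.include?("*")
  end
  issues << "no default-src fallback" unless policy["default-src"]
  issues << "frame-ancestors not restricted" unless policy["frame-ancestors"]
  issues
end
```

The strict policy restricts content to the application's own origin and forbids plugins and framing; the weak one allows scripts from anywhere and inline scripts, which is exactly the hole a reflected XSS needs.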

What you can do to improve Security

A very important part of security lies with you and how you set up and use Cryptopus. Take note of the following points where you can further increase the security of your content.

  • Password Policy: Really do give time and thought to setting a good and secure password. The random password generator is recommended.

  • Internal Access Only: If possible, consider limiting access to your internal network only. Not exposing your service to the internet at all, where that is not necessary, increases security immensely.

  • WAF: It is recommended to have a Web Application Firewall that monitors, filters and blocks malicious access attempts before even reaching your service.

  • Server Admin Access: Restrict server admin rights, such as the ability to change the database, so that only the people who are supposed to perform such actions are able to.