- mariakwAsked on January 06, 2017 at 09:38 AM
1.) Does the application include network segmentation for a certain company or 3rd party systems (e.g DMZs, firewall placement, etc? Can you please explain if the network is segment or not. If yes, please provide us a network diagram sample that shows the segmentation of the network components.
2.) Is application segmentation is place, e.g. web tier, application tier, database tier? If yes, also please provide us a sample segmentation diagram that shows a web server being separated from the middleware and the database and the firewalls in between them.
3.) Can u please explain what antivirus product is installed? if yes, please provide us the screenshot of the product detecting any viruses.
4) Intrusion Detection. Please explain whether an intrusion detection and intrusion prevention system is deployed that monitors network or system for malicious activities.
If yes what intrusion detector/preventer is being put in place. Please if you can provide us the screenshot sample of the tool that has identified the malicious activity, logged information about the activity, attempt to block/stop it and has reported it.
Thats all, your quick response is highly appreciated.
Thank you very much. waiting for you reply :)
- CharlieAnswered on January 06, 2017 at 10:46 AM
You seem to have already asked this question on this thread: https://www.jotform.com/answers/1019658-
Please note that some of your questions seems to divulge sensitive information about our security. For now, here are some information that our founder shared to us regarding security:
- We have bug bounty programs where we pay outside parties for
reporting vulnerabilities in our system.
- Our servers are protected by private networks and constantly updated
- Our system administrators have a collective 40+ years of industry experience.
- Our development team is encouraged to follow best security practices.
- All data transfer are made of 256-bit SSL secure connection.
- Our servers are located on SSAE16 Audited facilities.
May we know the reason for you asking the questions? Does your company need this? If what we have shared does not suffice, I can forward your questions to our back-end team, but I cannot guarantee that they will still be answered.
We'll wait for your response.
- mariakwAnswered on January 08, 2017 at 02:58 AM
Thanks for your reply, however we would need screenshots for the last 4 items I was asking. We have to do this to ensure that our customers data information is secured and their privacy is protected. The privacy and security of our customers are utmost important for our management.
Got already the answers however I will really appreciate if you can provide the screenshots of these 4 items so I can present to our management as evidences. Once this is done I can assure our management that our customers info are secured and protected and we will be able to subscribe Jot Form again in all our future digital projects.Does the application include network segmentation? e.g. DMZ, firewall placement, etc. Is application segmentation in place? E.g. web tier, application tier, database tier, etc. Is antivirus product installed on each server (separate from Malware protection)? Are intrusion detection and/or intrusion prevention system developed? Who is responsible for monitoring intrusion detection and/or intrusion prevention?
- JotForm Supportashwin_dAnswered on January 08, 2017 at 07:14 AM
Do you mean to say that you need screenshot of the firewall, application segmentation, antivirus. malware and intrusion detection system we have on our server?
Please note that we have cluster of server across multiple data centres. Can you please confirm what specific data you would like to see in the screenshots? I am not sure if our backend team will be able to share these details but I will forward your request.
- mariakwAnswered on January 09, 2017 at 07:05 AM
Thanks for your response.
Yes we will need screenshots of firewall, application segmentation, antivirus / malware and intrusion detection system on your server which prove that the information we requested from our customers thru Jot Form are secured.
- JotForm SupportsethAnswered on January 09, 2017 at 07:56 AM
I asked our management about the information you are asking. We will inform you when we receive information.
Please in the mean time, check out our encryption system. You can encrypt your data and nobody can access your data without the key. Also we don't have access to that information if you encrypt your forms. If you loose the key, you can't reach the data afterwards:
We will inform you about the information you asked via this thread.
- JotForm SupportsethAnswered on January 12, 2017 at 03:46 AM
I sent an email about your request and waiting for a reply. I will inform you about it when I receive an answer.
Also your last message didn't reach our Support Forum. Please use our web page to send messages. Here is the link to your thread:
Here is the contact page for your other queries:
- JotForm SupportsethAnswered on January 12, 2017 at 11:58 PM
Unfortunately, we can't share screen shots or any other documents because of security reasons. I hope you can understand this behavior.
Please feel free to contact us for further queries.