What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    Questions regarding security

    Asked by mariakw on January 06, 2017 at 09:38 AM

    1.)  Does the application include network segmentation for a certain company or 3rd party systems (e.g DMZs, firewall placement, etc? Can you please explain if  the network is segment or not. If yes, please provide us a network diagram sample that shows the segmentation of the network components.

     

    2.) Is application segmentation is place, e.g. web tier, application tier, database tier? If yes, also please provide us a sample segmentation diagram that shows a web server being separated from the middleware and the database and the firewalls in between them. 

     

    3.) Can u please explain what antivirus product is installed? if yes, please provide us the screenshot of the product detecting any viruses. 

     

    4) Intrusion Detection. Please explain whether an intrusion detection and intrusion prevention system is deployed that monitors network or system for malicious activities. 

    If yes what intrusion detector/preventer is being put in place. Please if you can provide us the screenshot sample of the tool that has identified the malicious activity, logged information about the activity, attempt to block/stop it and has reported it. 

     

    Thats all, your quick response is highly appreciated. 

    Thank you very much. waiting for you reply :) 

  • Profile Image
    JotForm Support

    Answered by Charlie on January 06, 2017 at 10:46 AM

    Hi,

    You seem to have already asked this question on this thread: https://www.jotform.com/answers/1019658- 

    Please note that some of your questions seems to divulge sensitive information about our security. For now, here are some information that our founder shared to us regarding security:

    - We have bug bounty programs where we pay outside parties for

    reporting vulnerabilities in our system.

    - Our servers are protected by private networks and constantly updated

    and patched.

    - Our system administrators have a collective 40+ years of industry experience.

    - Our development team is encouraged to follow best security practices.

    - All data transfer are made of 256-bit SSL secure connection.

    - Our servers are located on SSAE16 Audited facilities.

     

    May we know the reason for you asking the questions? Does your company need this? If what we have shared does not suffice, I can forward your questions to our back-end team, but I cannot guarantee that they will still be answered.

    We'll wait for your response.

  • Profile Image

    Answered by mariakw on January 08, 2017 at 02:58 AM

    Thanks for your reply, however we would need screenshots for the last 4 items I was asking. We have to do this to ensure that our customers data information is secured and their privacy is protected. The privacy and security of our customers are utmost important for our management.

    Got already the answers however I will really appreciate if you can provide the screenshots of these 4 items so I can present to our management as evidences. Once this is done I can assure our management that our customers info are secured and protected and we will be able to subscribe Jot Form again in all our future digital projects. 

    Does the application include network segmentation? e.g. DMZ, firewall placement, etc. Is application segmentation in place? E.g. web tier, application tier, database tier, etc. Is antivirus product installed on each server (separate from Malware protection)? Are intrusion detection and/or intrusion prevention system developed? Who is responsible for monitoring intrusion detection and/or intrusion prevention?

     

    Many Thanks!

  • Profile Image
    JotForm Support

    Answered by ashwin_d on January 08, 2017 at 07:14 AM

    Hello mariakw,

    Do you mean to say that you need screenshot of the firewall, application segmentation, antivirus. malware and intrusion detection system we have on our server?

    Please note that we have cluster of server across multiple data centres. Can you please confirm what specific data you would like to see in the screenshots? I am not sure if our backend team will be able to share these details but I will forward your request.

    Thank you!

  • Profile Image

    Answered by mariakw on January 09, 2017 at 07:05 AM

    Thanks for your response.

    Yes we will need screenshots of firewall, application segmentation, antivirus / malware and intrusion detection system on your server which prove that the information we requested from our customers thru Jot Form are secured.

     

    Network segmentation e.g. DMZ, firewall placement – screenshot of your diagram, screenshot of firewall software product or firewall tools (see sample below) Application segmentation in place? E.g. web tier, application tier, database tier, (see sample below) 

    Related image

     

    Antivirus product installed on each server (separate from Malware protection), - screenshot of the antivirus software product 

    Image result for antivirus diagram 

    Intrusion detection and/or intrusion prevention system developed – screenshot of the Who is responsible for monitoring intrusion detection and/or intrusion prevention?

  • Profile Image
    JotForm Support

    Answered by seth on January 09, 2017 at 07:56 AM

    Hello, 

    I asked our management about the information you are asking. We will inform you when we receive information.

    Please in the mean time, check out our encryption system. You can encrypt your data and nobody can access your data without the key. Also we don't have access to that information if you encrypt your forms. If you loose the key, you can't reach the data afterwards:

    https://www.jotform.com/help/344-Encrypted-Forms-and-How-to-Use-Them

    We will inform you about the information you asked via this thread.

    Thank you.

  • Profile Image
    JotForm Support

    Answered by seth on January 12, 2017 at 03:46 AM

    Hello @mariakw,

    I sent an email about your request and waiting for a reply. I will inform you about it when I receive an answer.

    Also your last message didn't reach our Support Forum. Please use our web page to send messages. Here is the link to your thread:

    https://www.jotform.com/answers/1027448

    Here is the contact page for your other queries:

    https://www.jotform.com/contact/

     

    Regards.

     

  • Profile Image
    JotForm Support

    Answered by seth on January 12, 2017 at 11:58 PM

    Hello,

    Unfortunately, we can't share screen shots or any other documents because of security reasons. I hope you can understand this behavior. 

    Please feel free to contact us for further queries.

    Regards.