DéjàClick scripts can potentially store confidential information including IDs, passwords, account numbers, and SSNs. It is therefore important that additional security options are provided to safeguard and protect such confidential information embedded within recorded scripts. AlertSite further enhances DéjàClick data security with options to encrypt locally and remotely saved script files. While some security features may limit the type of customer support that can be provided for remotely encrypted scripts, they do offer an additional level of protection and privacy to those requiring it.
Overview
DéjàClick already establishes a secure (encrypted) communications channel between the user's computer and the AlertSite monitoring system using the HTTPS protocol (HTTP over SSL) whenever scripts are uploaded and downloaded. This ensures reasonable protection from eavesdropping and man-in-the-middle attacks. This type of data connection features strong encryption* and uses standard secure web protocols for transmitting private information over the Internet.
In addition to this, DéjàClick can optionally store portions of its XML script data in encrypted form. The encryption scheme uses the industry-standard AES algorithm with a 256-bit key length. A password is used to generate the encryption key, and that key is used to encrypt and decrypt script data. A matching password is then required before an encrypted script can be loaded or viewed in DéjàClick.
By default, DéjàClick scripts are saved as partially encrypted XML files. There are two types of encryption: local encryption, which encrypts files saved locally on your desktop, and remote encryption, which encrypts files uploaded to your AlertSite account. Remote encryption is only available at the Advanced display level. There are also two levels of encryption available: encrypt only password fields and encrypt all user input data.
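As an added illustration (not DéjàClick code and not its real file format), the sketch below shows password-derived AES-256 encryption of selected fields at the two levels described above, and how a non-matching password is rejected. The PBKDF2 key derivation, the GCM mode, and the `<input>` element and `enc` attribute names are assumptions; the page does not say which of these DéjàClick uses.

```javascript
// Added illustration; not DéjàClick's actual format, KDF or cipher mode.
const crypto = require('crypto');

// Assumption: PBKDF2-HMAC-SHA256 turns the password into a 256-bit AES key.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

// Encrypt one field value with AES-256-GCM; result is salt.iv.tag.ciphertext (base64).
function sealValue(plain, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return [salt, iv, cipher.getAuthTag(), ct].map(b => b.toString('base64')).join('.');
}

// Decrypt one field value; a wrong password fails the GCM tag check and throws.
function openValue(sealed, password) {
  const [salt, iv, tag, ct] = sealed.split('.').map(s => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample script; element and attribute names are hypothetical.
const SAMPLE = `<script>
  <input type="text" name="account">12345678</input>
  <input type="password" name="pw">hunter2</input>
</script>`;

const FIELD = /<input type="(\w+)" name="(\w+)"( enc="1")?>([^<]*)<\/input>/g;

// level 'passwords' encrypts only password fields; 'all' encrypts every input value.
// Fields already marked enc="1" are left untouched.
function encryptScript(xml, password, level) {
  return xml.replace(FIELD, (m, type, name, enc, val) =>
    enc || (level === 'passwords' && type !== 'password') ? m
      : `<input type="${type}" name="${name}" enc="1">${sealValue(val, password)}</input>`);
}

// Restores every encrypted field; throws if the password does not match.
function decryptScript(xml, password) {
  return xml.replace(FIELD, (m, type, name, enc, val) =>
    enc ? `<input type="${type}" name="${name}">${openValue(val, password)}</input>` : m);
}
```

At the password-only level the account number stays readable in the saved file, which is why the all-input level matters for scripts that carry account numbers or SSNs.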
Local Encryption
To apply encryption to all scripts saved on your desktop:
- Click and select DéjàClick Options from the drop-down menu.
- Switch to the Security tab.
- Select the Encrypt locally saved scripts check box.
- Specify the level your data should be encrypted at:
  - Only password fields.
  - All user input data.
The encryption password may be stored locally on the user's computer (via Firefox Password Manager) if entered in the Configuration Options dialog, or it may be prompted for as needed to increase security. If the stored password does not match the one needed for a protected script, DéjàClick will prompt the user for the correct password.
Remote Encryption
To encrypt all scripts that are saved remotely:
- Click and select DéjàClick Options from the drop-down menu.
- Switch to the Security tab.
- From the Display Level drop-down list, select Advanced.
- Select the Encrypt remotely monitored transactions (prompt first) check box.
- Click OK.
All password-protected scripts will be stored in encrypted form within AlertSite databases. When downloading a password-protected script, DéjàClick will prompt the user for the associated password. Thus, only users who know the password will be able to download, view, and replay the associated script.
For AlertSite customers, this security feature allows users to optionally encrypt their transactions when uploading them to AlertSite monitoring stations for remote monitoring using a transaction-specific password. The transactions are decrypted on the monitoring stations just prior to execution. Encrypted DéjàClick transactions may be downloaded and replayed only by those with password access, including AlertSite Performance Advisors.
Upload Scripts
If the Encrypt remotely monitored transactions (prompt first) option is enabled in the DéjàClick Configuration Options dialog, the user will be prompted to enter a password each time a script is uploaded. The resulting password dialog will display a warning message to remind the user that the uploaded script will be encrypted.
Download Scripts
If a downloaded script is encrypted, the user will be prompted for the encryption password. The script will not be loaded into DéjàClick unless a valid password is provided. If the transaction needs the involvement of AlertSite customer support, this will require sharing the password.
Security Tab Options
The Security tab of the DéjàClick Options dialog has the following options:
In the Basic display level mode:
In the Advanced display level mode:
Depending on the options you selected for Local and Remote encryption, DéjàClick will show the following dialogs:
- When Store local encryption password (default) is selected in the Local Encryption section of the Security tab:
  If Store local encryption password (default) is not selected, there is no Remember Password? check box in the dialog.
- When Encrypt remotely monitored transactions (prompt first) is selected in the Remote Encryption section of the Security tab:
- When uploading a recording that contains data for encryption with Remote Encryption enabled; in this case, a password has been detected in the recording and Encrypt password data only (default) was selected in the Security tab Encryption Level:
- When OK was selected to encrypt a script during upload:
- When downloading an encrypted script:
- When uploading a recording with data for encryption replacing a transaction that previously had been encrypted:
* DéjàClick utilizes the secure communication features built into the Mozilla Firefox® browser, including SSL 3.0 (Secure Socket Layer) and TLS 1.0 (Transport Layer Security), which protect communications with web servers via the HTTPS protocol. SSL encrypts data prior to transmission and uses a different default TCP port (443 instead of 80) along with additional encryption and authentication between the HTTP and TCP layers. SSL encryption is based on the use of industry-standard RSA public and private key pairs. AlertSite web servers use digital certificates that provide 256-bit encryption for HTTPS connections (256-bit refers to the size of the key used to encrypt the data).