The following security methods are in place for Ipswitch Analytics:
Passwords
Ipswitch Analytics uses the Advanced Encryption Standard (AES) to protect the passwords used to grant access to Ipswitch Analytics, and to protect access to the MOVEit database and the Ipswitch Analytics Server.
Note: Report data is not considered sensitive and is not encrypted in the database, on the file system of the servers that generate the reporting data, or on the Ipswitch Analytics Server.
All authentication information used by Ipswitch Analytics is encrypted or hashed. Encryption and hashing are done using the Java Simplified Encryption library (Jasypt). Details of the Jasypt library can be found at www.jasypt.org. For Ipswitch Analytics, hashing uses the SHA-512 algorithm, and the Jasypt library enhances the protection with random salts and multiple iterations of the hashing function. Bi-directional encryption uses Jasypt's password-based encryption. The password is based on a random number generated by the Ipswitch Analytics Server at install.
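The following is an added example, not Ipswitch's code. It configures Jasypt in the two ways this section describes: a SHA-512 digester with random salts and multiple iterations, and a password-based encryptor keyed from a random value. The salt size, iteration count, PBE algorithm name, secret length, class name and sample strings are assumptions, since the page does not state the product's values; it needs Jasypt 1.9.3 on the classpath.

```java
import java.security.SecureRandom;
import java.util.Base64;
import org.jasypt.digest.StandardStringDigester;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.RandomIvGenerator;

public class JasyptCredentialExample {

    // One-way: salted, iterated SHA-512 for login passwords.
    static StandardStringDigester passwordDigester() {
        StandardStringDigester d = new StandardStringDigester();
        d.setAlgorithm("SHA-512");
        d.setSaltSizeBytes(16);   // assumed; a fresh random salt per digest
        d.setIterations(100_000); // assumed; the hash is re-applied this many times
        return d;
    }

    // Two-way: password-based AES for secrets that must be recovered,
    // such as a database connection password.
    static StandardPBEStringEncryptor secretEncryptor(String installSecret) {
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setPassword(installSecret);
        e.setAlgorithm("PBEWithHmacSHA512AndAES_256"); // assumed algorithm
        e.setIvGenerator(new RandomIvGenerator());     // AES-based PBE needs an IV
        return e;
    }

    public static void main(String[] args) {
        StandardStringDigester digester = passwordDigester();
        String login = "constructed-login-password";   // constructed sample
        String storedA = digester.digest(login);
        String storedB = digester.digest(login);
        // Random salts: identical passwords never share a stored value.
        System.out.println("digests differ:  " + !storedA.equals(storedB));
        // The salt travels inside the stored value, so verification still works.
        System.out.println("correct matches: " + digester.matches(login, storedA));
        System.out.println("wrong rejected:  " + !digester.matches("guess", storedA));

        // Stand-in for the random value the server generates at install.
        byte[] seed = new byte[32];
        new SecureRandom().nextBytes(seed);
        String installSecret = Base64.getEncoder().encodeToString(seed);

        StandardPBEStringEncryptor enc = secretEncryptor(installSecret);
        String dbPassword = "constructed-db-password"; // constructed sample
        String ciphertext = enc.encrypt(dbPassword);
        System.out.println("round trip ok:   " + dbPassword.equals(enc.decrypt(ciphertext)));
    }
}
```

The hashed values cannot be reversed, while anything protected by the encryptor is only as safe as the install-time secret, so that secret's storage location and file permissions are what an administrator should check.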
Data Transmission
Communication between the Ipswitch Analytics Agents and the Ipswitch Analytics Server uses HTTPS, so data is always encrypted during transmission.
Communication between the web client browser and the Ipswitch Analytics Server uses HTTPS, so data is always encrypted during transmission.
Certificates
Certificates are used for encryption of communications. The Ipswitch Analytics Server supports the use of certificates issued by a Certificate Authority and also supports the use of self-signed certificates.
When the Ipswitch Analytics Server is installed, a keystore is created. The certificates required for secure communication between the Ipswitch Analytics Agents and the Ipswitch Analytics Server, and between the client browser and the Ipswitch Analytics Server, are added to the keystore.