DejaClick Security Options

DejaClick scripts can potentially store confidential information including IDs, passwords, account numbers, and SSNs. It is therefore important that additional security options are provided to safeguard and protect such confidential information embedded within recorded scripts. AlertSite further enhances DejaClick data security with options to encrypt locally and remotely saved script files. While some security features may limit the type of customer support that can be provided for remotely encrypted scripts, they do offer an additional level of protection and privacy to those requiring it.

Encryption Overview

DejaClick already establishes a secure (encrypted) communications channel between the user's computer and the AlertSite monitoring system using the HTTPS protocol (SSL over HTTP) whenever scripts are uploaded and downloaded. This ensures reasonable protection from eavesdropping and man-in-the-middle attacks. This type of data connection features strong encryption* and uses standard secure web protocols for transmitting private information over the Internet.

In addition to this, DejaClick is enhanced to optionally store portions of its XML script data in encrypted form. The encryption scheme utilizes the industry-standard AES algorithm with 256-bit key-length. A password is used to generate the encryption key, and that key is used to encrypt/decrypt script data. A matching password will then be required before an encrypted script can be loaded or viewed in DejaClick.

By default, DejaClick scripts are saved as partially encrypted XML files. There are two types of encryption: local encryption, which encrypts files saved locally on your desktop, and remote encryption, which encrypts files uploaded to your AlertSite account. Remote encryption is only available using the Advanced display level. There are also two levels of encryption available: encrypt only password fields and encrypt all user input data.

___________

* DejaClick utilizes the secure communication features built into the Mozilla Firefox® browser, including SSL 3.0 (Secure Socket Layer) and TLS 1.0 (Transport Layer Security) which protect communications with web servers via the HTTPS protocol. SSL encrypts data prior to transmission and uses a different default TCP port (443 instead of 80) along with additional encryption/authentication between the HTTP and TCP layers. SSL encryption is based on the use of industry-standard RSA public and private key pairs. AlertSite's web servers use digital certificates that provide 256-bit encryption for HTTPS connections (256-bit refers to the size of the key used to encrypt the data).

Local Encryption

When the Encrypt locally saved scripts option is enabled in the Security tab of Configuration Options dialog, then encryption is applied to all scripts when saved on your desktop. The type of encryption depends upon the Encryption Level setting:

  • only password fields, or
  • all user input data

The encryption password may be stored locally on the user's computer (via Firefox's Password Manager) if entered in the Configuration Options dialog, or it may be prompted for as needed to increase security. If the stored password does not match the one needed for a protected script, DejaClick will prompt the user for the correct password.

Remote Encryption

When the Encrypt remotely monitored transactions option is enabled in the Security tab of Configuration Options dialog, encryption is applied to all scripts that are saved remotely. All password-protected scripts will be stored in encrypted form within AlertSite's databases. When downloading a password-protected script, DejaClick will prompt the user for the associated password. Thus, only users who know the password will be able to download, view, and replay the associated script.

For AlertSite customers, this security feature allows users to optionally encrypt their transactions when uploading them to AlertSite monitoring stations for remote monitoring using a transaction-specific password. The transactions are decrypted on the monitoring stations just prior to execution. Encrypted DejaClick transactions may be downloaded and replayed only by those with password access, including AlertSite Performance Advisors.

Uploading Scripts

If the Encrypt uploaded transactions option is enabled in the DejaClick Configuration Options dialog, the user will be prompted to enter a password each time a script is uploaded. The resulting password dialog will display a warning message to remind the user that the uploaded script will be encrypted.

Downloading Scripts

If a downloaded script is encrypted, the user will be prompted for the encryption password. The script will not be loaded into DejaClick unless a valid password is provided. If the transaction needs the involvement of AlertSite customer support, this will require sharing the password.

Configure Options Security Tab

The Security tab in the DejaClick Configuration Options dialog has the following features:

In Basic Display Level mode:

Security_tab_basic.png


In Advanced Display Level mode:

Security_tab_advanced.png


Several dialogs are displayed depending on the selection of Local and/or Remote encryption, and Encryption Level.

  • Password prompt when Store local encryption password (default) is checked in the Local Encryption section of Security tab:

Local_PW_prompt.png

If Store local encryption password (default) is not selected, there is no "Remember Password?" check box.


  • Dialog displayed after selecting Encrypt remotely monitored transactions (prompt first) in the Remote Encryption section of Security tab:

Prompt_first_dialog.png


  • Prompt when uploading a recording that contains data for encryption with Remote Encryption enabled; in this case, a password has been detected in the recording and Encrypt password data only (default) was selected in the Security tab Encryption Level:

Remote_Security_Upload_Prompt.png


  • Prompt when Yes selected to encrypt script during upload:

Remote_Encryption_PW_Prompt.png


  • Prompt for Encryption Password when downloading an encrypted script:

Prompt_upload_previously_UL_encrypted.png


  • Prompt when uploading a recording with data for encryption replacing a transaction that previously had been encrypted:

Upload_previously_encrypted_dialog.png


Back to Top