...
Ymonitor is safe to use. Read on for more detailed information.
| Table of Contents | ||
|---|---|---|
|
About servers and sentinels
...
Where is my data located?
Our servers are located in The Netherlands. Sentinels are usually located in The Netherlands as well, exceptions are on customer request.
...
No. Never. A sentinel always initiates a connection.
Which network ports are used?
A sentinel connects to the server on port 443 using an encrypted HTTPS connection. The sentinel applies certificate pinning. With certificate pinning, the client verifies that a specific certificate is provided by the server. This guarantees that data is send only to the Ymor server.
Is Ymonitor ISO27001 certified?
The datacenter in which the Ymonitor servers are located is ISO27001 certified. Ymonitor itself is planning ISO27001 certification Q1 2016.
What is your patch policy?
We install (security) updates each 2 months. We closely monitor announcements by our software vendors and apply patches when required.
What is your password policy?
Our password policy requires users to renew their password at least every 3 months. After 5 failed login attempts a password is locked. Additional criteria are in place. Passwords are stored on our servers, encrypted using bcrypt.
I have found a security risk, what should I do?
In case you have found a security risk in Ymonitor we expect you to inform us and share the required details. You can contact the Ymor Security Officer, a public PGP key is available to safely send all information. All required information can be found at [[http://www.ymor.nl|Ymor.nl]].com