TRIGGERcmd
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Where can I find the Security & Policy section for Triggercdm

    General Discussion
    3
    4
    487
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Eddie SantanaE
      Eddie Santana
      last edited by

      I am interested in utilizing this service for business, but first, I need to review the Security and Policies for our Compliance. Where can I obtain these documents?

      RussR 1 Reply Last reply Reply Quote 0
      • RussR
        Russ @Eddie Santana
        last edited by Russ

        Hello @Eddie-Santana, I'll be happy to write a security and/or policy document, but you're the first person who's asked for one, so I could use your input.

        What standard do you need to comply with? I'm familiar with HIPAA, PCI, and NIST requirements, and CIS benchmarks from my job at Delta Dental. Of course TRIGGERcmd doesn't handle any PHI, so it doesn't need to comply with HIPAA requirements like encryption of data at rest, and TRIGGERcmd doesn't handle credit cards (Paypal does that). NIST is a federal government organization that publishes a framework for keeping systems secure. They recommend using a published standard for hardening your systems if one is available, such as CIS benchmarks.

        For starters, here are some security related things to be aware of:

        • TRIGGERcmd can only execute commands that are configured in the agent's commands.json data file. For example, the commands.json file is pre-populated with the "calc" command on Windows. A user needs direct access to the computer in order to manipulate the commands.json file on it.
        • TRIGGERcmd accounts use these authentication methods:
          • A social account from Google.
          • An email address and password
          • A JWT bearer token
        • Account credentials are protected by SSL (HTTPS) encryption.
        • TRIGGERcmd.com SSL encryption uses only strong ciphers, and receives an A rating from ssllabs.com.
        • TRIGGERcmd servers and data are backed up daily.

        Russell VanderMey

        1 Reply Last reply Reply Quote 0
        • Frank ForresterF
          Frank Forrester
          last edited by

          I'm interested in knowing what ports this is using to communicate from Triggercmd to my pc? For instance I'm at work and I have an alexa there. Lets say i say "Alexa, ask TRIGGERcmd to play ascii star wars" is the tcp/ip traffic encrypted?

          RussR 1 Reply Last reply Reply Quote 0
          • RussR
            Russ @Frank Forrester
            last edited by Russ

            @Frank-Forrester, yes it's encrypted with HTTPS over an outbound connection from your PC on port 443 to the TRIGGERcmd servers. The connection stays open so the TRIGGERcmd server can use it to send the trigger for your ascii star wars command to your PC. Amazon's Alexa servers also communicate with the TRIGGERcmd servers over HTTPS and port 443.

            Good questions. Let me know if you have any more.

            Russell VanderMey

            1 Reply Last reply Reply Quote 0
            • First post
              Last post