Information Security Layers
Glassix provides various information security layers both default or optional.
Default / Optional
The connection to this site via browser or API is using a valid, trusted server certificate issued by Go Daddy Secure Certificate Authority - G2. The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_128_GCM (a strong cipher).
Glassix provide it's users with various security roles and user types such as read-only, reporting, agent, manager, system administrator, API & bot - every role/type with it's limitations
An Access Token is a short-lived credential used to authenticate your application or browser to Glassix. The appropriate role is embedded within your access-token to control your access.
Auto Idle Logoff
Logging of the users after a default idle time of 4 hours (can be configured)
Failed Login Attempts Lock
Locking users after 5 wrong password inputs for 5 minutes
reCAPTCHA v3 for login screen
Auto malware scan for attachments
Glassix is reassembling inbound images to avoid codec malware injection and malicious links. Reassembling images by changing the file format allows us to drop any malicious "codec" download path that is used to inject harmful code.
Security audit logs for all critical and sensitive processes
Directory browsing is disabled. All embedded content is provided with a unique issued token with an expiration date
Our support team can't access your data without a time-frame limited access provided by manager or system administrator roles within your organization
IP White list
IP White list to approve access for both for users login & API calls
Set your desired password policy for your users
Users login 2FA with an SMS message
Data scramble via API or after ticket closure
Glassix supports in/outbound specific file types. Allowed file types can be updated.
Glassix is reassembling PDF docs to avoid malicious links