
Tonido's design puts security first against current and possible future issues.

 

General

  • Profile creation is not allowed from a remote location (other than a local machine) by default
  • Profile deletion is not allowed from a remote location (other than a local machine) by default
  • Tonido software has been audited independently for security issues by a security firm

 

HTTP

Most of Tonido's UI is accessed via the browser.

  • A Tonido login is valid only for the browser session; once the browser is closed and reopened, you will have to re-authenticate.
  • Tonido has support for IP Range Filters where you can specify which IPs are allowed to access Tonido.
  • Remote login can optionally require answering a secret question as well as entering a password. This prevents phishing attacks, so no one can masquerade as your Tonido URL.
  • Text and HTML arriving from a remote location are always filtered to prevent cross-site scripting attacks.
  • Tonido supports SSL connections; for example, you can use https://<yourname>.tonidoid.com to connect to your Tonido software.

 

Tonido Network Security

Tonido uses the Tonido Network to communicate with other Tonido instances.

 

  • Tonido security ensures that when you communicate with another Tonido instance, you are invulnerable to impersonation. This is achieved by a challenge-response mechanism: before establishing communications with another Tonido instance, a Tonido instance gets a challenge response from that instance's domain (directory) server and poses it to the instance. If the answer is correct, the connection continues; otherwise the connection fails.
  • Tonido groups establish an authentication token that verifies that a Tonido instance is a valid member of the group.
  • Messages flowing via the Tonido network carry different levels of authentication; if a message's authentication doesn't match, the message is discarded.
  • Traffic flowing through the Tonido Network is encrypted using well-known, standards-based algorithms (AES, Diffie-Hellman).
  • Tonido has support for IP Range Filters where you can specify which IPs are allowed to access Tonido.
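The challenge-response check described above, sketched as an added example; this is not Tonido's own code. It assumes an HMAC-SHA256 response over a random challenge and a per-instance key shared with the directory server at registration (the page does not specify Tonido's actual scheme), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class DirectoryServer:
    """Hypothetical domain (directory) server; assumes one shared key per instance."""

    def __init__(self):
        self._keys = {}

    def register(self, name):
        key = secrets.token_bytes(32)
        self._keys[name] = key
        return key

    def issue_challenge(self, name):
        # Fresh random challenge per connection, so a recorded answer cannot be replayed.
        challenge = secrets.token_bytes(16)
        expected = hmac.new(self._keys[name], challenge, hashlib.sha256).digest()
        return challenge, expected


class Instance:
    """A peer that claims a name and answers challenges with the key it holds."""

    def __init__(self, name, key):
        self.name = name
        self._key = key

    def answer(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def connect(directory, peer):
    """Return True if the peer proves it is the instance registered under peer.name."""
    challenge, expected = directory.issue_challenge(peer.name)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(peer.answer(challenge), expected)


def demo():
    directory = DirectoryServer()
    genuine = Instance("alice", directory.register("alice"))
    impostor = Instance("alice", secrets.token_bytes(32))  # claims the name, lacks the key
    return connect(directory, genuine), connect(directory, impostor)


print(demo())  # (True, False)
```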

 

Security Best Practices

  •  Security requires that users are responsible when using any software, including Tonido. This means that, first, they need to understand all the risks that are present and learn how to protect themselves and their computer from threats.
  •  Use strong passwords. Change the password often. Don't write down the password. And use a password that is unrelated to your other passwords.
  •  For even more security, set up and use a strong secret question and answer. Choose a question that is unique to you. Choose an answer that is as hard as your password.
  •  If you are accessing Tonido remotely, after completing your session, close the browser.