Frequently Asked Question
How secure is the Tates PC Ticket system?
Last Updated 4 years ago
Tates PC Helpdesk at https://tickets.tatespc.us/osticket/ implements the highest levels of security possible in today's online world without compromising access to as many clients as possible with a reasonably high level of security.
In the last couple of years there have been several "hacks" related to people breaching online servers and stealing information. Tates PC does not have any magical protection against this; however, we have disabled our server hosts' administrative access to our server and maintain Joe Tate as the only server administrator account that can access the server. We also monitor all failed attempts to access our server (in the 24 hours prior to this FAQ being posted there had been over 1,150 failed attempts to gain administrative access to our web server and 0 successful attempts to gain access from anyone besides Joe Tate).
In the last couple of years there have been several "security breaches" that are related to people compromising the encrypted network traffic and gaining access to data that should have been unobtainable to them. These breaches took place due to people employing weak or outdated security ciphers and encryption methods. Tates PC has maintained current PCI compliance on it's servers and extended beyond the minimums with the billing site https://twominutefix.com where it captures credit card information. Attached you can find 3 reports from leading analytics sites that test for weaknesses against SSL security exploits and, to all knowledge available, this ticket system is impervious to those exploits. Joe Tate takes the time to scan for new exploits on the server at least once every 3 months in addition to the standard monitoring.
Here is a short recap of some of the encryption attacks and our April 2018 status:
Protocol Versions
Finally, in the last year there have been "exploits" related to NSA hacks that were made public which allowed several large institutions to fall to a NoPeyta2 infection, which thankfully had a kill switch embedded into it, that spread like wildfire. The security patches made available were applied the week of the exploits and continued manual attempts to maintain a level of protection had been applied. As of April 6th, 2018, all known and available updates for the server's hosting server farm have been applied to protect against these exploits as well. This is important because Tates PC's hosting server sits in a server farm with overarching administrator accounts on other systems that made potential security risks possible and undetectable.
After explaining everything it is very important we impress the fact that this site is only as safe as your password makes your account. Your password is protected against brute force attempts; however, some users may make weak enough passwords they could be guessed by friends, family, or someone who presents a spearhead phishing attempt against them. If you are uncomfortable making a strong password for the site, we have a password generation tool that can help you here: https://tatespc.us/?Link=passwordtool
We appreciate your understanding for the downtime on any/all hosted websites that occurred on April 6th and extend the gratitude of continued patronage by attempting to maintain as bulletproof security as is possible in today's day and age.
Update: to provide a comparative measurable to other "secure" online sites we have added analysis of popular banks in Bucyrus, OH to measure our site's security against. These can be found in the "Comparative SSL Reports 2018.zip" attachment.
In the last couple of years there have been several "hacks" related to people breaching online servers and stealing information. Tates PC does not have any magical protection against this; however, we have disabled our server hosts' administrative access to our server and maintain Joe Tate as the only server administrator account that can access the server. We also monitor all failed attempts to access our server (in the 24 hours prior to this FAQ being posted there had been over 1,150 failed attempts to gain administrative access to our web server and 0 successful attempts to gain access from anyone besides Joe Tate).
In the last couple of years there have been several "security breaches" that are related to people compromising the encrypted network traffic and gaining access to data that should have been unobtainable to them. These breaches took place due to people employing weak or outdated security ciphers and encryption methods. Tates PC has maintained current PCI compliance on it's servers and extended beyond the minimums with the billing site https://twominutefix.com where it captures credit card information. Attached you can find 3 reports from leading analytics sites that test for weaknesses against SSL security exploits and, to all knowledge available, this ticket system is impervious to those exploits. Joe Tate takes the time to scan for new exploits on the server at least once every 3 months in addition to the standard monitoring.
Here is a short recap of some of the encryption attacks and our April 2018 status:
Protocol Versions
- TLS v1.2 Supported Immune to TLS POODLE attack
- TLS v1.1 Supported Immune to TLS POODLE attack
- TLS v1.0 Supported Immune to TLS POODLE attack
- SSL v3.0 Not Supported Immune to SSLv3 POODLE attack
- SSL v2.0 Not Supported Immune to DROWN attack
- Compression Not Supported Immune to CRIME attack
- Heartbeat Not Supported Immune to Heartbleed attack
- Signature Algorithms Enabled None Immune to SLOTH attack
Finally, in the last year there have been "exploits" related to NSA hacks that were made public which allowed several large institutions to fall to a NoPeyta2 infection, which thankfully had a kill switch embedded into it, that spread like wildfire. The security patches made available were applied the week of the exploits and continued manual attempts to maintain a level of protection had been applied. As of April 6th, 2018, all known and available updates for the server's hosting server farm have been applied to protect against these exploits as well. This is important because Tates PC's hosting server sits in a server farm with overarching administrator accounts on other systems that made potential security risks possible and undetectable.
After explaining everything it is very important we impress the fact that this site is only as safe as your password makes your account. Your password is protected against brute force attempts; however, some users may make weak enough passwords they could be guessed by friends, family, or someone who presents a spearhead phishing attempt against them. If you are uncomfortable making a strong password for the site, we have a password generation tool that can help you here: https://tatespc.us/?Link=passwordtool
We appreciate your understanding for the downtime on any/all hosted websites that occurred on April 6th and extend the gratitude of continued patronage by attempting to maintain as bulletproof security as is possible in today's day and age.
Update: to provide a comparative measurable to other "secure" online sites we have added analysis of popular banks in Bucyrus, OH to measure our site's security against. These can be found in the "Comparative SSL Reports 2018.zip" attachment.