Go Security Questions

1) When I create Admin during setup and use my ActiveDirectory user name as the Admin, will it authenticate using ActiveDirectory? 

With Go, you need to set an user as a "Go Administrator" for him to manage the Go setup. By default, on a new installation, the first user to login to Go automatically becomes a Go Administrator.

2) Are user IDs and/or passwords cached anywhere?

No

3) Is account lockout implemented as to limit repeated access attempts?

No

4) Idle sessions timeout

Session expires in 14 days

5) Is password required to reactivate idle sessions?

Yes

6) Does the application implement encryption of any data elements and files?

No

If YES, indicate encrypted data elements, encryption algorithms and key length

Go Configuration XML passwords are encrypted using DES. Go Agent - Go Server communication is over HTTPS.

7) Does the application implement hashing and/or digital signature methods? If YES, indicate integrity-critical data elements, hashing / dsig algorithms and parameters

MD5 checksum is provided for all artifacts generated by Go Agents

8) Does the application log user login attempts? –

No

9) Does the application log data access? – 

No

10) Does the application log account administration operations? – Yes If YES, does it log add user / assigned role? – Yes If YES, does it log remove user / change role? – Yes If YES, does it log password reset / unlock user? – Yes If YES, does it log all privileged administrative changes? – Yes Indicate: log location and name (path, db:table, others) – mingle.log Indicate: log rotation (condition/trigger, number of logs prior to purging) – See above Indicate: log retention (number of days, on-line, off-line) – See above

11) Do the user access logs contain the following data elements?