Cipafilter Documentation - Appendix III: Privacy / remote access disclosures
Posted by Jim Giseburt, Last modified by Jim Giseburt on 06 April 2017 11:56 AM
Your Cipafilter contains several features which, while designed to enhance usability and provide for excellent support, may create privacy concerns for some. In the interest of maintaining openness and an informed user base, these features are documented in this section.
Cipafilter retains the administrative keys and Web interface passwords for all Cipafilter units. This is necessary for certain technical functionality (for instance, remotely deploying updates), but perhaps more importantly it allows Cipafilter employees to, at any time, remotely access your Cipafilter.
This is intended to provide speedy tech support — technicians are able to quickly log in to diagnose problems or update settings without requiring customers to set up special accounts and so on. From time to time, tech support will also forward bugs or configuration issues to Cipafilter development for resolution; this may entail logging in to diagnose the problem and (less commonly) to deploy a fix.
As many customers are uncomfortable having maintenance performed or serious changes applied to their devices (particularly during business hours), all reasonable effort is taken to avoid making any such modifications to running units without receiving prior approval from the customer. However, exigent circumstances, such as the disclosure of a serious vulnerability in one of the Cipafilter firmware's constituent softare packages, may require changes to be applied without notification (usually after business hours or during the weekend).
Configuration data, database contents, and logs
All Cipafilter units automatically upload backups of their configuration data to the Cipafilter Enterprise system each night. These backups are encrypted prior to (and then during) transmission, and are stored in the same encrypted format. However, in order to provide support and disaster recovery, Cipafilter employees have the ability to decrypt these configurations. This means that Cipafilter does have access to certain sensitive configuration data, like LDAP authentication credentials, User Manager credentials, and SSL private keys.
As part of their administrative remote-access capabilities, Cipafilter employees also have access to data stored locally on customers' hardware. This includes not only the previously mentioned configuration information, but also the contents of the Cipafilter database and its logs. These sources usually do not contain critically sensitive data like passwords, but they can reveal otherwise detailed information about an organization's network configuration, devices, and Internet usage, including (if so configured) those of staff and administrators.
Although copies of this local data are not maintained in Cipafilter's Enterprise system, excerpts may be forwarded to other Cipafilter employees in order to diagnose technical issues.
This information will never be shared externally or used for any purpose besides backup, recovery, problem diagnosis, and similar technical support.