Jump to content

Search the Community

Showing results for tags 'security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Hornbill Platform and Applications
    • Announcements
    • Blog Article Discussions
    • General Non-Product Discussions
    • Application Beta Program
    • Collaboration
    • Employee Portal
    • Service Manager
    • IT Operations Management
    • Project Manager
    • Supplier Manager
    • Customer Manager
    • Document Manager
    • Configuration Manager
    • Timesheet Manager
    • Live Chat
    • Board Manager
    • Mobile Apps
    • System Administration
    • Integration Connectors, API & Webhooks
    • Performance Analytics
    • Hornbill Switch On & Implementation Questions
  • About the Forum
    • Announcements
    • Suggestions and Feedback
    • Problems and Questions
  • Gamers Club's Games
  • Gamers Club's LFT

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Website URL





Found 15 results

  1. Can we request an enhancement to the 'Support Teams' functionality for Services. In the current security model you have to be a member of a 'Support Team' to be able to view a request or added as an individual member on the request. In order to give some of our teams access to requests, but stop them from being able to be assigned requests, I duplicate team organisation objects and then disable assignment to all users in the duplicate team. This has an overhead and create unnecessary duplicate teams. Can we request an enhancement to be able to disable assignment against a 'Supporting Team
  2. Hi Team, we would like to start using the integrations in our instance but our security has some questions about Keysafe : (1) How are keysafe stored credentials protected from unauthorised access? (2) how are credentials destroyed (3) what activity audit logs for keysafe operations are available (4) what independent report of assurance/testing of keysafe security can be provided ? (pentest summary, SOC2 Type 2 etc) I wonder if someone could help us get our internal security approval by helping us work through the above?? many thanks Andy
  3. The Customer Portal is not updating the h_last_accessed column on h_sys_contact table when customer login to the Customer Portal. Therefore we have no way on monitoring or determining when a customer last used the portal account. Can this be addressed, so we can both monitor and also identify dormant customer portal accounts, so that they can be suspended or removed as part of security good practice. Cheers Martyn
  4. Can you advise on how long the automated links sent via the Customer Portal 'Forgotten Password' automate process are valid for? Most systems apply an expiry period on this type of links to stop interception/man in the middle attacks. Cheers Martyn
  5. Is it possible to report on how frequently members of a team log into Service manager - I can see the 'last login' in h_sys_accounts, which gives the most recent login. But I'm after seeing how often users log into Service Manager. This is for full users, rather than basic users. thanks Claire
  6. Security: Meltdown and Spectre A recent critical security announcement for three bugs CVE-2017-5715 CVE-2017-5753 and CVE-2017-5754 which have been nicknamed meltdown and spectre. These were found by multiple people, including Jann Horn, who works for projects Zero at Google. He has done an excellent write up on exactly how he found the Issues.  As with any new serious vulnerability found these days it has to have a catchy name, matching logo and dedicated website that says this about the two issues - "Meltdown and Spectre
  7. When a end user is crating a request from Service Portal with a progressive capture that allows an Asset to be selected, the end user can search all assets. There is no way to restrict which assets can be searched, as far as we can tell. We consider this to be a security issue, and will have to disable the possibility for end users to pick assets when registering requests. Furthermore, this might be considered a security issue also for agents. There should be ways of restricting which agents can see which assets.
  8. Like many other public bodies, we are now mandated to comply with the requirements of Cyber Essentials: https://www.gov.uk/government/publications/cyber-essentials-scheme-overview In addition, we are preparing for the introduction of the General Data Protection Regulations. Given that Service Manager may contain sensitive information, we are looking at ways of making access more secure. Currently log-in security is limited to AD authentication. Would it be possible to limit access even further by only allowing access by set IP address with any other access requiring 2 factor
  9. Hi, One of our service desk manager wanted to change some service owners this morning but could not find the button on the screen so contacted me. I had a look and I have to admit I am puzzled here... This is what she sees: Yet here is the setup she has: I just had another look into the Wiki and found this: Service Desk Manager [Show Less] Collaboration Role Service Desk Admin Services Manager Dashboard Viewer The Service Desk Manager will be able to log new and update calls for all call classes
  10. Hi, I just created 2 very interesting dashboards for my company and I would like all users to have access to them. However, for dashboards, we need to manually assign rights to users, groups or roles. I have too many teams and users to do that manually so I was looking for a shortcut using a custom role. But I am struggling and some help would be welcomed! What settings do I need to give to my role to make it appear in the dashboard settings? My dashboard properties and the access I would like to setup: My custom role: I have not given any specific da
  11. Afternoon, We are looking to change our password reset processes at the moment, as we don't have a way of identifying people over the phone. So we have to get them to come to us with their staff badge as a form of identification. We would like to use hornbill to save identification questions in peoples profiles so that only the Service desk can see them as a security measure. Then we can ask for characters from their security question to identify them over the phone. If their a field in hornbill anywhere where this can be done? Thanks Hayley.
  12. Hi, I am looking at setting up a new assignment role to overcome a "problem" that we have in our organisation. Basically, we have teams (so far so good) amongst which some individuals have a particular skill set that allows them to perform certain specific tasks. The "problem" we have is when a request comes in and we need these people to help out, we want to be able to assign an activity to this group of people. But they belong to multiple teams... So I tried to create a new assignment role and added 2 members (for testing purposes). I then created an activity and it worked beautifully.
  13. Is it possible to set up a custom security group to give users access to be able to change the status of a service without being able to modify the setup of the service or add/delete services? As part of our major incident process we want our analysts to be able to change the service status to make it visible on the portal but we don't want them to be able to modify any of the setup of the services, response times or resolution times thanks, Pete
  14. I recently posted a security update blog article. https://www.hornbill.com/blogpost/dirty-cow-security-hole-discovered
  15. Hi, I've been asked by our security team for answers that I can't find in your Wiki. 1. IMAP/POP3 traffic - does your traffic come from a set of IPs that we can filter to (i,e. to lock down access to yourselves)? 2. Is there 2 factor authorisation available on the Admin URL (or are there any plans if not)
  • Create New...