Securing the Flow
The collaboration server transmits the structure of the website from the visitor's browser to the agent. To do this, it analyzes the structure of the website (the Document Object Model, DOM) and transmits the changes it detects. This transmission contains the following information:
- The layout of the website (which elements are where).
- Data URLs and canvas images. Data URLs can be disabled on the collaboration server side, but often are not because the website itself relies on them. Canvas processing can also be disabled, but then the canvas parts of the website are not visible on the agent side.
- The text of the website.
The transmission does not contain:
- Other embedded media or executable code.
How the Collaboration Server Transmits Media Files
The collaboration server uses a separate connection for media files, such as PDFs and images. This provides the following advantages:
- An attacker cannot supply a manipulated media file to the agent.
- The collaboration server can keep track of media files that are created dynamically for the customer. To do this, it copies the files into an internal cache before they go out to the customer.
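The filtering that the two sections above describe, as an added example that is not unblu's code: a Node script that models the visitor's DOM as a plain object tree (so it runs without a browser), keeps layout and text, strips executable elements and inline event handlers, drops data URLs unless the policy allows them, replaces a canvas by its image only when canvas processing is on, and refuses to relay a media reference that does not resolve to your own web server. The policy object, the tree model, the sample page and the reason strings are constructed for this example; the real product works on the live DOM and a change stream, but the policy decisions are the same.

```javascript
// Added example, not unblu's code. The visitor page is modelled as a plain
// object tree so this runs under Node without a browser DOM. The snapshot
// relayed to the agent keeps layout and text; executable code and foreign
// media references do not survive. Policy knobs are assumptions for the example.
const DEFAULT_POLICY = {
  allowDataUrls: false,                  // data: URLs in attributes are dropped
  processCanvas: true,                   // false: canvas elements vanish from the snapshot
  siteOrigin: 'https://www.example.com'  // only media hosted here is relayed (assumed origin)
};

const EXECUTABLE_TAGS = new Set(['script', 'object', 'embed', 'applet', 'iframe']);
const el = (tag, attrs = {}, children = []) => ({ type: 'element', tag, attrs, children });
const txt = (text) => ({ type: 'text', text });

// True when an absolute or protocol-relative URL points away from siteOrigin.
// Relative references resolve against your own web server and are allowed.
function isExternal(url, siteOrigin) {
  if (!/^(?:[a-z][a-z0-9+.-]*:)?\/\//i.test(url)) return false;
  try { return new URL(url, siteOrigin).origin !== new URL(siteOrigin).origin; }
  catch { return true; }  // unparsable: treat as foreign
}

// Copies the attributes the agent may see; every rejected one is recorded in `dropped`.
function sanitizeAttrs(attrs, policy, dropped) {
  const out = {};
  for (const [name, raw] of Object.entries(attrs)) {
    const key = name.toLowerCase();
    const value = String(raw).trim();
    const scheme = (value.match(/^([a-z][a-z0-9+.-]*):/i) || [])[1]?.toLowerCase();
    if (key.startsWith('on')) { dropped.push(`@${key}`); continue; }                  // inline handlers
    if (scheme === 'javascript' || scheme === 'vbscript') { dropped.push(`@${key}`); continue; }
    if (key === 'style' && /url\(|expression\(/i.test(value)) { dropped.push('@style'); continue; }
    if (scheme === 'data' && !policy.allowDataUrls) { dropped.push(`@${key}:data`); continue; }
    if ((key === 'src' || key === 'href') && scheme !== 'data' && isExternal(value, policy.siteOrigin)) {
      dropped.push(`@${key}:external`); continue;  // never relayed from the internet
    }
    out[key] = value;
  }
  return out;
}

// Returns the sanitized tree, or null when the whole node is dropped.
function snapshot(node, policy = DEFAULT_POLICY, dropped = []) {
  if (node.type === 'text') return txt(node.text);
  const tag = node.tag.toLowerCase();
  if (EXECUTABLE_TAGS.has(tag)) { dropped.push(tag); return null; }
  if (tag === 'canvas') {
    if (!policy.processCanvas) { dropped.push('canvas'); return null; }
    // A real server would obtain canvas.toDataURL() from the visitor side; the
    // constructed input carries that value in attrs.dataUrl. Canvas images are
    // governed by processCanvas alone, independently of allowDataUrls.
    return el('img', { src: node.attrs.dataUrl || '' });
  }
  const children = node.children.map(c => snapshot(c, policy, dropped)).filter(Boolean);
  return el(tag, sanitizeAttrs(node.attrs, policy, dropped), children);
}

// Minimal serializer so the result can be inspected as HTML.
function serialize(n) {
  if (n.type === 'text') return n.text.replace(/[&<>]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;' }[c]));
  const attrs = Object.entries(n.attrs).map(([k, v]) => ` ${k}="${v.replace(/"/g, '&quot;')}"`).join('');
  return `<${n.tag}${attrs}>${n.children.map(serialize).join('')}</${n.tag}>`;
}

// Constructed visitor page containing each hostile shape the policy must handle.
const VISITOR_DOM = el('body', {}, [
  el('h1', {}, [txt('Account overview')]),
  el('img', { src: '/img/logo.png', onerror: 'fetch("https://evil.example/x")' }),
  el('img', { src: 'https://evil.example/track.gif' }),
  el('a', { href: 'javascript:alert(document.cookie)' }, [txt('click')]),
  el('img', { src: 'data:image/png;base64,iVBORw0KGgo=' }),
  el('canvas', { dataUrl: 'data:image/png;base64,AAAA' }),
  el('script', {}, [txt('location = "https://evil.example"')]),
]);

// Builds what the agent receives plus the list of everything that was removed.
function buildAgentView(dom = VISITOR_DOM, policy = DEFAULT_POLICY) {
  const dropped = [];
  const html = serialize(snapshot(dom, policy, dropped));
  return { html, dropped };
}

console.log(buildAgentView());
```

`buildAgentView()` returns the HTML relayed to the agent together with the reasons for each removal, which is the record you would want to log on the server side. The external-reference check is the one from the media section: a relative `src` is resolved against your web server, an absolute `src` to another origin is not relayed at all.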
Potential Attack Types
| Attack type | How the collaboration server deals with the attack |
| --- | --- |
| An attacker pretends to be a visitor and tries to run code on the agent's computer. | The collaboration server removes all executable code before transmitting the web page to the agent. |
| An attacker pretends to be a visitor and inserts a reference to a (malicious) media file into the web content (applies to image and stylesheet references). | The collaboration server loads all media files directly from your web server. It never relays a file fetched from elsewhere on the internet to the agent. |
| An attacker tries to eavesdrop on an existing visitor session. | The collaboration server relies on the security of your connection, usually managed through a web application firewall. To eavesdrop on a visitor session, an attacker first has to break that connection. |
| An attacker tries to hijack an existing visitor session. | The collaboration server checks the integrity of the connection and terminates the session immediately if the integrity is compromised. |
| An attacker inside your company's IT network tries to hijack an existing session. | You can configure the collaboration server so that consultants have to log in and cannot take part in multiple concurrent sessions. You can also restrict the content that consultants can see and the actions they are permitted to perform on the visitor's web page. |
| An agent abuses their position and tries to execute malicious commands as the visitor. | All versions of unblu let you specify exactly what agents can see and do on the visitor's web page. |
| An attacker pretends to be a visitor and tries to guess another visitor's PIN. | The PIN is only valid for a very limited period of time. |