The attacker tries to intercept communication between the visitor and the agent. Their aim is to learn passwords, session information, cookie settings, or confidential information exchanged between visitor and agent that can be used in a subsequent attack. While an attacker can attempt to eavesdrop on communications at any point, some attack points are more obvious than others, such as when the visitor accesses the company’s web site using an unsecured wireless network.
How we prevent eavesdropping
The Collaboration Server transmits all data over your secure network connection. It doesn’t make any network connections on its own, and it doesn’t change or restrict the way your secure connection works. In addition, Unblu takes these precautions:
- We never transmit the contents of a password field.
- We use two independent session IDs, one for the session between the server and the visitor, and one for the session between the server and the agent. If an attacker learns one ID, they can’t use it to guess the other.
  A visitor’s session ID is independent of the PIN they use to connect to the server. If an attacker intercepts the PIN, they can’t use it to guess the session ID.
- The client application doesn’t require cookies. This means that you can use a secure proxy server that stores cookies internally and doesn’t hand them out to the client.
- All session IDs are created using the Java Security SecureRandom class, a widely accepted way to create secure session IDs.
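The session ID properties listed above can be shown in a short sketch. This is an added example, not Unblu's code: the class and method names, the 128-bit ID size, the 6-digit PIN, and the single-use PIN handling are all assumptions made for illustration (Java 16 or later).

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; all names here are hypothetical, not Unblu's API.
public class SessionIdDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // One collaboration session holds two unrelated IDs.
    record Session(String visitorId, String agentId) {}

    // The PIN is only a lookup key; it is never an input to ID generation.
    private final Map<String, Session> pending = new ConcurrentHashMap<>();

    // Each ID is its own draw of 128 random bits (size is an assumption),
    // so knowing one ID gives no information about any other.
    static String newId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Creates a session and returns a short PIN for the visitor to enter.
    String open() {
        Session s = new Session(newId(), newId());
        String pin;
        do {
            pin = String.format("%06d", RNG.nextInt(1_000_000));
        } while (pending.putIfAbsent(pin, s) != null); // retry on PIN collision
        return pin;
    }

    // Redeeming removes the PIN (assumed single-use), so a PIN captured
    // later maps to nothing and cannot be turned into a session ID.
    Session redeem(String pin) {
        return pending.remove(pin);
    }

    public static void main(String[] args) {
        SessionIdDemo demo = new SessionIdDemo();
        String pin = demo.open();
        Session s = demo.redeem(pin);
        System.out.println("visitor=" + s.visitorId() + " agent=" + s.agentId());
        System.out.println("replayed PIN accepted: " + (demo.redeem(pin) != null));
    }
}
```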
If an attacker manages to compromise the safety of the network connection (for example, by hacking the visitor’s computer and logging the keyboard input), using Unblu doesn’t introduce any additional security concerns. You should use HTTPS connections for client sessions. Even if you do use unsecured connections, using Unblu doesn’t introduce additional security concerns.
Can eavesdropping succeed in the Unblu Cloud?
In the Unblu Cloud, the Collaboration Server blocks this type of attack in the same way as in an on-premises setup. However, an on-premises setup allows you to introduce an advanced security architecture customized to your specific needs, which is not possible in the Unblu Cloud.