Once you have an app that is accessible on the internet, security becomes very important. Most hosting providers provide little or no security; it’s left up to you. A simple firewall is not enough. We have a lot of security, the kind that would normally be prohibitively expensive. All Xojo Cloud servers are identically configured and it works because the IDE and the cloud are working together.
That said, this is part of the reason that we provide those cryptic SFTP passwords instead of letting users choose them. Resetting your SFTP password is as simple as turning SFTP off and on again.
Yes, I appreciate the issued passwords that the SFTP functionality in XC provides. I have done the same thing in my app which runs under XC. Users get issued passwords too.
From your answers it would seem that I can’t do intrusion detection on XC because I do not have enough privileges (and so if a malicious actor obtains access by some privileged exploit, then I won’t know).
Is it possible for Xojo to advise of penetrations of XC to affected users?
[quote=236553:@Tony Barry]
Is it possible for Xojo to advise of penetrations of XC to affected users?[/quote]
The honest answer is… It depends. If someone were to access your machine using a legitimate password through a sanctioned service, there’s not much to advise you of because we simply can’t tell if it’s you or someone else.
That said, services on Xojo Cloud servers don’t listen on any public interfaces unless they absolutely need to, and the firewall is locked up tight by default except for the four or five ports that need to be open to maintain the server and for it to serve web apps.
Like any other server, Xojo Cloud servers are constantly being probed for weaknesses, but we do keep them up to date in terms of security updates.