IMTerm Security
Enterprise-grade security built in from the ground up
Authentication Methods
| Method | Description | Config |
|---|---|---|
| Local / Built-in | Bcrypt password hashing, per-user accounts managed via admin console | auth.mode: local |
| LDAP / Active Directory | Bind authentication, group-to-role mapping, supports TLS and StartTLS | auth.mode: ldap |
| OIDC / OAuth2 | OpenID Connect, Okta, Azure AD, Google Workspace, and any compliant IdP | auth.mode: oidc |
| SAML 2.0 | SP-initiated SSO, ADFS, PingFederate, Okta. Signature validation via goxmldsig | auth.mode: saml |
| Kerberos SPNEGO | Keytab-based, transparent browser SSO on Windows domain machines | auth.mode: kerberos |
| mTLS client certificates | Mutual TLS, client certificate presented at TLS handshake, mapped to user | auth.mode: mtls |
RBAC Model
| Role | Permissions |
|---|---|
| Admin | Full access, user management, configuration, audit log, session monitoring, all terminal operations |
| User | Sessions, file transfer, printing, macros, scripting, Agent Mode |
| View-Only | Observe active sessions, no keyboard input, no transfer, no print |
All roles are enforced server-side. There is no client-side bypass path.
TLS
- TLS 1.2 minimum. TLS 1.0 and TLS 1.1 are refused at the listener.
- HSTS enforced with a 2-year max-age (Strict-Transport-Security: max-age=63072000; includeSubDomains).
- Security headers on every response: Content-Security-Policy, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin.
- WebSocket connections inherit TLS from the nginx/reverse proxy layer; origin validation is enforced in server mode.
FIPS 140-2: A FIPS build is available using BoringCrypto (certificate 3678). Build with make build-fips. The FIPS binary uses BoringSSL for all cryptographic operations and refuses non-compliant cipher suites.
Audit Logging
- 96 structured IMTE message IDs; every event has a stable, documented ID.
- JSON format, one JSON object per line, SIEM-ready (Splunk, Elastic, QRadar).
- Covers: every login, logout, failed authentication, session start/end, file transfer, print job, admin action, and configuration change.
- Log rotation: --audit-max-size flag, daily_rotation config key, configurable retention in days.
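One-object-per-line JSON is what makes the log consumable without a SIEM as well. The following Go program is an added example, not IMTerm's code: it parses constructed JSONL audit lines, counts malformed lines instead of silently dropping them, and flags users with a burst of failed logins inside a sliding window. The field names (time, id, user, src, result) and the IMTE-LOGIN / IMTE-CONFIG message IDs are placeholders standing in for the real schema, which the page does not quote.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// auditEvent holds the fields this example assumes a line carries; the real
// IMTerm schema and its documented message IDs are not quoted on the page.
type auditEvent struct {
	Time   time.Time `json:"time"`
	ID     string    `json:"id"`
	User   string    `json:"user"`
	Source string    `json:"src"`
	Result string    `json:"result"`
}

// sampleAuditLog is constructed input: one JSON object per line, with
// placeholder message IDs and one deliberately corrupt line.
const sampleAuditLog = `{"time":"2024-05-01T08:00:00Z","id":"IMTE-LOGIN","user":"alice","src":"10.0.0.5","result":"ok"}
{"time":"2024-05-01T08:01:10Z","id":"IMTE-LOGIN","user":"bob","src":"10.0.0.9","result":"failed"}
{"time":"2024-05-01T08:01:20Z","id":"IMTE-LOGIN","user":"bob","src":"10.0.0.9","result":"failed"}
{"time":"2024-05-01T08:01:35Z","id":"IMTE-LOGIN","user":"bob","src":"10.0.0.9","result":"failed"}
{"time":"2024-05-01T08:01:50Z","id":"IMTE-LOGIN","user":"bob","src":"10.0.0.9","result":"failed"}
{"time":"2024-05-01T08:02:05Z","id":"IMTE-LOGIN","user":"bob","src":"10.0.0.9","result":"failed"}
not json at all
{"time":"2024-05-01T09:30:00Z","id":"IMTE-LOGIN","user":"carol","src":"10.0.0.7","result":"failed"}
{"time":"2024-05-01T09:40:00Z","id":"IMTE-CONFIG","user":"alice","src":"10.0.0.5","result":"ok"}`

// parseAuditLog decodes JSONL line by line. Malformed lines are skipped but
// counted, so a truncated or tampered file is visible rather than silent.
func parseAuditLog(text string) (events []auditEvent, malformed int) {
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var ev auditEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			malformed++
			continue
		}
		events = append(events, ev)
	}
	return events, malformed
}

// failedLoginBursts returns users (sorted) with at least threshold failed
// logins inside any window of the given length.
func failedLoginBursts(events []auditEvent, threshold int, window time.Duration) []string {
	failures := map[string][]time.Time{}
	for _, ev := range events {
		if ev.ID == "IMTE-LOGIN" && ev.Result == "failed" {
			failures[ev.User] = append(failures[ev.User], ev.Time)
		}
	}
	var hits []string
	for user, ts := range failures {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		for i := range ts {
			j := i + threshold - 1
			if j < len(ts) && ts[j].Sub(ts[i]) <= window {
				hits = append(hits, user)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	events, malformed := parseAuditLog(sampleAuditLog)
	fmt.Printf("parsed %d events, skipped %d malformed line(s)\n", len(events), malformed)
	fmt.Printf("failed-login bursts (5 in 2m): %v\n", failedLoginBursts(events, 5, 2*time.Minute))
}
```

On the sample, bob's five failures span 55 seconds and trip the 5-in-2-minutes rule; carol's single failure does not. The malformed count is worth alerting on by itself, since an audit file that stops parsing mid-way is either a rotation bug or something worse.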
Session Security
- Idle timeout, configurable per user or globally; session terminated and audit-logged on expiry.
- Session recording, JSONL format, replay-capable, stored server-side.
- View-only sharing links, generate a time-limited URL that grants observe-only access to an active session.
- All session sharing events are audit-logged with the requesting user, target session, and timestamp.
- Session tokens use HttpOnly, Secure, SameSite=Strict cookies. No session state in the browser.
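The properties in this section (opaque server-side session state, an idle timeout that is audit-logged on expiry, time-limited observe-only share links, cookies with HttpOnly/Secure/SameSite=Strict) fit in one small session store. The Go program below is an added example, not IMTerm's own session code: the cookie name imterm_session, the in-memory audit slice standing in for the product's audit logger, and the store's API are all assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// session is held server-side only; the browser sees just an opaque ID.
type session struct {
	User       string
	LastActive time.Time
}

// shareLink is an observe-only grant on an active session, valid until Expires.
type shareLink struct {
	SessionID string
	Expires   time.Time
}

// sessionStore keeps sessions and share links in memory with an idle timeout.
// The audit slice stands in for the product's audit logger (assumed).
type sessionStore struct {
	mu       sync.Mutex
	idle     time.Duration
	sessions map[string]*session
	shares   map[string]shareLink
	audit    []string
}

func newSessionStore(idle time.Duration) *sessionStore {
	return &sessionStore{idle: idle, sessions: map[string]*session{}, shares: map[string]shareLink{}}
}

// randomID draws 128 bits from crypto/rand; math/rand is never acceptable for tokens.
func randomID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// sessionCookie carries the attributes listed on the page; the name is assumed.
func sessionCookie(id string) *http.Cookie {
	return &http.Cookie{Name: "imterm_session", Value: id, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode}
}

func (s *sessionStore) create(user string, now time.Time) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	id := randomID()
	s.sessions[id] = &session{User: user, LastActive: now}
	s.audit = append(s.audit, fmt.Sprintf("session_start user=%s", user))
	return id
}

// lookup rejects unknown IDs, terminates and audit-logs idle sessions, and
// refreshes the activity timestamp on success.
func (s *sessionStore) lookup(id string, now time.Time) (*session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok {
		return nil, false
	}
	if now.Sub(sess.LastActive) > s.idle {
		delete(s.sessions, id)
		s.audit = append(s.audit, fmt.Sprintf("session_expired user=%s", sess.User))
		return nil, false
	}
	sess.LastActive = now
	return sess, true
}

// share mints a time-limited observe-only token for an active session and
// audit-logs the requesting user, target session and timestamp.
func (s *sessionStore) share(requester, sessionID string, ttl time.Duration, now time.Time) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.sessions[sessionID]; !ok {
		return "", errors.New("no such active session")
	}
	tok := randomID()
	s.shares[tok] = shareLink{SessionID: sessionID, Expires: now.Add(ttl)}
	s.audit = append(s.audit, fmt.Sprintf("session_share by=%s target=%s at=%s",
		requester, sessionID, now.UTC().Format(time.RFC3339)))
	return tok, nil
}

// observe resolves a share token; expired tokens are refused and dropped, and
// observing does not refresh the owner's idle timer.
func (s *sessionStore) observe(tok string, now time.Time) (*session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	link, ok := s.shares[tok]
	if !ok {
		return nil, false
	}
	if !now.Before(link.Expires) {
		delete(s.shares, tok)
		return nil, false
	}
	sess, ok := s.sessions[link.SessionID]
	return sess, ok
}

func main() {
	now := time.Now()
	st := newSessionStore(15 * time.Minute)
	id := st.create("alice", now)
	fmt.Printf("Set-Cookie: %s\n", sessionCookie(id).String())
	tok, _ := st.share("alice", id, time.Minute, now)
	_, ok := st.observe(tok, now.Add(2*time.Minute))
	fmt.Println("share valid after 2m:", ok)
	for _, line := range st.audit {
		fmt.Println("audit:", line)
	}
}
```

Two details carry the security value: the cookie value is a random identifier with no structure for the browser to interpret, and a share token grants observation only while the target session is still alive, so an idle-expired owner session takes its share links down with it.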
Data Protection
- No telemetry. No phone-home. IMTerm does not contact any external service at runtime.
- License validated offline using HMAC-SHA256. No license server calls.
- Passwords stored as bcrypt hashes (cost factor 12). No plaintext secrets anywhere.
- No sensitive data stored in the browser, no localStorage, no sessionStorage for credentials.
- Static binary, zero runtime library dependencies, minimal OS attack surface. Dependencies audited with go-licenses and npm audit.
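Offline HMAC-SHA256 license validation means the server needs only the license string and the shared key; nothing leaves the host. The Go program below is an added example of that pattern, not IMTerm's license code: the claims layout (customer, seats, expiry), the payload.tag encoding and the demo key are all assumptions. It shows the two checks that matter, a constant-time tag comparison before any field is trusted, and an expiry check after it.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// licenseClaims is an assumed payload shape; the real IMTerm format is not on the page.
type licenseClaims struct {
	Customer string    `json:"customer"`
	Seats    int       `json:"seats"`
	Expires  time.Time `json:"expires"`
}

// issueLicense signs the JSON claims with HMAC-SHA256 and encodes the result as
// "<base64url(claims)>.<base64url(tag)>". Issuing happens at the vendor; a
// deployed server only ever needs verifyLicense.
func issueLicense(key []byte, c licenseClaims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	enc := base64.RawURLEncoding
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(mac.Sum(nil)), nil
}

// verifyLicense checks the tag in constant time before decoding any field,
// then the expiry. No network call is involved.
func verifyLicense(key []byte, lic string, now time.Time) (licenseClaims, error) {
	var c licenseClaims
	parts := strings.Split(lic, ".")
	if len(parts) != 2 {
		return c, errors.New("malformed license")
	}
	enc := base64.RawURLEncoding
	payload, err := enc.DecodeString(parts[0])
	if err != nil {
		return c, errors.New("malformed license payload")
	}
	tag, err := enc.DecodeString(parts[1])
	if err != nil {
		return c, errors.New("malformed license tag")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	if !hmac.Equal(mac.Sum(nil), tag) { // constant-time compare, never bytes.Equal
		return c, errors.New("license signature invalid")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, errors.New("license payload unreadable")
	}
	if !now.Before(c.Expires) {
		return c, errors.New("license expired")
	}
	return c, nil
}

func main() {
	// Constructed demo key; a real key would be embedded at build time (assumed).
	key := []byte("constructed-demo-key-not-a-real-secret")
	claims := licenseClaims{Customer: "Example Corp", Seats: 50,
		Expires: time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)}
	lic, err := issueLicense(key, claims)
	if err != nil {
		panic(err)
	}
	fmt.Println("license:", lic)
	check := time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	c, err := verifyLicense(key, lic, check)
	fmt.Printf("valid key: claims=%+v err=%v\n", c, err)
	_, err = verifyLicense([]byte("wrong-key"), lic, check)
	fmt.Println("wrong key:", err)
}
```

Because the tag is checked before the JSON is decoded, a tampered payload is rejected without ever being parsed; the claims struct is only populated once the tag matches.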
Security Disclosure
To report a security vulnerability in IMTerm, contact support@infomanta.com. Please include a description of the issue, steps to reproduce, and the IMTerm version. We respond to all reports within 2 business days.