Data Encryption and Transport Security

Comprehensive Security by Design

Server Scout implements security at every layer of the platform, ensuring your monitoring data remains protected throughout its entire lifecycle. From the moment data leaves your server until it's displayed in your dashboard, multiple layers of encryption and security controls safeguard your information.

Encryption in Transit

All communication between Server Scout agents and the dashboard uses HTTPS with TLS encryption. The lightweight Bash agent connects exclusively to the dashboard API via secure HTTPS connections, ensuring that all metric data is encrypted during transmission across the internet.

The agent uses curl with strict TLS certificate verification, which prevents man-in-the-middle attacks by validating the server's certificate against trusted certificate authorities. This means your server metrics are protected from interception or tampering whilst in transit.

HTTPS-Only Architecture

Server Scout's dashboard operates under a strict HTTPS-only policy:

  • The dashboard is served exclusively over HTTPS
  • Any HTTP connections are automatically redirected to HTTPS
  • HTTP Strict Transport Security (HSTS) headers ensure browsers always use secure connections
  • This prevents downgrade attacks and ensures your session remains encrypted

This approach eliminates the possibility of accidentally transmitting sensitive data over unencrypted connections.

API Key Security

Server authentication uses 64-character hexadecimal API keys generated with cryptographic random number generators. These keys are transmitted via the X-API-Key header over HTTPS connections only—never in plain text or through insecure channels.

The API key system ensures that:

  • Only authorised servers can submit monitoring data
  • Each server has a unique identifier
  • Keys can be regenerated if compromised
  • All authentication occurs over encrypted connections

Encryption at Rest

Your monitoring data doesn't just travel securely—it's also protected when stored. All monitoring data on Server Scout's EU-hosted infrastructure is encrypted at rest using industry-standard encryption algorithms. This ensures that even if physical storage media were compromised, your data would remain protected.

Cookie and Session Security

Browser sessions implement multiple security layers:

  • HttpOnly flag: Prevents JavaScript from accessing session cookies, protecting against cross-site scripting (XSS) attacks
  • SameSite attribute: Prevents cross-site request forgery (CSRF) attacks by restricting when cookies are sent
  • HTTPS-only transmission: Session cookies are only transmitted over encrypted connections
  • Secure flag: Ensures cookies are never sent over unencrypted HTTP connections
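One way to check the HSTS header and the cookie attributes listed above from a response's headers. This is an added example, not Server Scout code: the cookie name `session`, the sample header values and the rule that SameSite must be Lax or Strict are assumptions.

```python
def parse_set_cookie(value):
    """Return (cookie_name, {attribute: value}) with lowercased attribute names."""
    first, *rest = value.split(";")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return first.split("=", 1)[0].strip(), attrs


def hsts_max_age(value):
    """Return max-age in seconds from an HSTS header value, or None if absent."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None


def audit(headers):
    """headers: list of (name, value) pairs from one HTTPS response."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    elif not hsts_max_age(hsts[0]):  # None or 0: browsers would not pin HTTPS
        findings.append("HSTS max-age missing or zero")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name}: {flag} flag missing")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite missing or None")
    return findings


# Constructed sample responses (not captured from Server Scout).
GOOD = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict")]
WEAK = [("Strict-Transport-Security", "max-age=0"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; SameSite=None")]

if __name__ == "__main__":
    print(audit(GOOD), audit(WEAK))
```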

Webhook Security

Server Scout's webhook functionality includes built-in security protections:

  • HTTPS requirement: All webhook URLs must use HTTPS encryption
  • SSRF protection: Server-Side Request Forgery protections prevent webhook URLs from targeting internal network addresses
  • Certificate validation: Webhook deliveries verify the target server's TLS certificate

These measures ensure that webhook notifications remain secure and cannot be exploited to probe internal systems.
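A sketch of the kind of webhook URL check described above: HTTPS only, and every address the host resolves to must be publicly routable. This is an added example, not Server Scout's implementation: the function names, the host names and the stub DNS table are constructed so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def system_resolver(host):
    """All addresses a name maps to, via the system resolver (needs DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_webhook_url(url, resolver=system_resolver):
    """Return (ok, reason): https only, every resolved address public."""
    try:
        parts = urlsplit(url)
        host, _ = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme must be https"
    if not host or parts.username is not None or parts.password is not None:
        return False, "missing host or embedded credentials"
    try:
        addrs = [ipaddress.ip_address(host)]  # host is an IP literal
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError, KeyError):
            addrs = []
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:10.0.0.1
        if mapped is not None:
            addr = mapped
        if not addr.is_global:  # loopback, RFC 1918, link-local, reserved
            return False, f"{addr} is not a public address"
    return True, "ok"


# Constructed stub DNS data so the example runs without network access.
SAMPLE_DNS = {
    "hooks.example.com": ["8.8.8.8"],
    "intranet.example.com": ["10.0.0.5"],
    "mixed.example.com": ["8.8.8.8", "127.0.0.1"],
}

if __name__ == "__main__":
    for host in SAMPLE_DNS:
        url = f"https://{host}/notify"
        print(url, check_webhook_url(url, SAMPLE_DNS.__getitem__))
```

A check made only when the URL is saved can be bypassed by a later DNS change, so the delivery code should repeat it at send time, connect to the address it validated, and not follow redirects.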

No Plain-Text Secrets

Server Scout follows security best practices for credential storage:

  • Password hashing: User passwords are hashed using strong cryptographic algorithms and never stored in plain text
  • Secure key generation: API keys use cryptographically secure random number generators
  • No credential exposure: Sensitive data never appears in logs, URLs, or error messages

Agent Integrity Verification

The Server Scout agent includes SHA-256 integrity verification to ensure the monitoring script hasn't been tampered with. This cryptographic verification provides assurance that you're running authentic, unmodified monitoring code.

Additional Security Features

Beyond encryption and transport security, Server Scout offers:

  • Two-factor authentication (2FA): Available for user accounts to prevent unauthorised access
  • Role-based access: Admin and user roles limit access to sensitive functions
  • EU data residency: All data remains within EU-hosted infrastructure

Security-First Approach

These security measures aren't afterthoughts—they're fundamental to Server Scout's architecture. Every component, from the lightweight agent to the dashboard interface, is designed with security as a primary consideration. This comprehensive approach ensures that your server monitoring remains both effective and secure, giving you confidence in your infrastructure oversight.

For questions about security features or implementations, our AI support bot can provide immediate assistance with security-related enquiries through the dashboard.

Frequently Asked Questions

How does ServerScout encrypt data in transit?

ServerScout encrypts all data in transit using HTTPS with TLS encryption. The Bash agent connects exclusively to the dashboard API via secure HTTPS connections with strict TLS certificate verification, preventing man-in-the-middle attacks and ensuring all metric data is protected during transmission.

How do I set up secure monitoring with ServerScout API keys?

ServerScout uses 64-character hexadecimal API keys generated with cryptographic random number generators. These keys are transmitted via the X-API-Key header over HTTPS connections only. Each server gets a unique API key that can be regenerated if compromised.

What happens if my ServerScout agent stops working?

The ServerScout agent includes SHA-256 integrity verification to detect tampering. If the monitoring script has been modified, the cryptographic verification will fail. Check that you're running the authentic, unmodified monitoring code provided by ServerScout.

How does ServerScout webhook security work?

ServerScout webhooks require HTTPS URLs and include SSRF protection to prevent targeting internal network addresses. All webhook deliveries verify the target server's TLS certificate, ensuring notifications remain secure and cannot be exploited to probe internal systems.

Is ServerScout data encrypted when stored?

Yes, all monitoring data on ServerScout's EU-hosted infrastructure is encrypted at rest using industry-standard encryption algorithms. This ensures that even if physical storage media were compromised, your monitoring data would remain protected.

Does ServerScout store passwords in plain text?

No, ServerScout never stores passwords in plain text. User passwords are hashed using strong cryptographic algorithms, API keys use cryptographically secure random number generators, and sensitive data never appears in logs, URLs, or error messages.

What browser security features does ServerScout use?

ServerScout implements HttpOnly cookies to prevent XSS attacks, SameSite attributes to prevent CSRF attacks, and secure flags ensuring cookies are only transmitted over HTTPS. The platform also uses HSTS headers to prevent downgrade attacks.
