FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Transcription

1 FileRunner Security Overview An overview of the security protocols associated with the FileRunner file delivery application

2 Overview Sohonet FileRunner is a secure high-speed transfer application that runs in a web browser. The software utilizes no plugins and works by uploading the data into the Sohonet FileStore system (based on OpenStack Swift). Once the files are successfully uploaded, FileRunner then notifies the recipients that the material is ready for download. Architecture Data Transport Data that is uploaded by FileRunner is encrypted by the user's web browser and is secure end-toend. Data downloads are encrypted on the network also using the same security technology. End-toend TLS (Transport Layer Security / RFC 5246) is used with strong encryption utilizing a 2048 bit key length, cipher suites utilised are limited to known strong algorithms. Sohonet audit our TLS security continually. Qualys testing rates our TLS setup (including the encryption) as grade A.

3 FileRunner Application Server The FileRunner web application is a separate system from that which stores the data to be uploaded or downloaded, Sohonet s private cloud storage service FileStore. FileRunner uses secure limited temporal tokens to access data stored in FileStore, using CORS (cross origin resource sharing). A token issued is only valid for one action, e.g. in order to upload, a token is cryptographically signed, which only allows the HTTP verb PUT or POST, and to download a token is given that only allows the HTTP verb GET. FileRunner has been developed with standard web application technologies (Django Web Framework), which enables rapid, secure development. The framework has built-in protections to avoid common web security problems, such as Cross site scripting (XSS), Cross site request forgery (CSRF), SQL injection, Clickjacking, and Host header validation. The application performs user authentication and role validation, and also controls access to the data. All actions performed are logged to centralised secure logging infrastructure to provide an audit trail. In addition, data that is uploaded or downloaded from Sohonet Media Network connected locations is carried over Sohonet private circuits only, and does not touch the public Internet (see Sohonet Media Network Security in Appendix). Authentication Password strength can be set according to the individual requirements of each customer. We are able to support passwords with requirements based on, number of upper and lower case letters, number of digits, punctuation characters, non ascii characters and number of words. Content Life time Data Expiry Customer s data is stored on Sohonet FileStore for 120 hours. This enables transfer between disparate time zones, even when transferring over an extended weekend. Data will be permanently deleted from the Storage discs 120 hours after upload. This is an automated process and no recovery of the files can be made after this time. Access Period During the 120 hour period of data availability it is possible to set an access window for recipients to download a package. For example, you can upload a package today but not make it available to recipients until tomorrow or only allow the download for the next 12 hours. The access time can be set by the uploading user. Uploaded data is stored on disks within FileStore in a fragmented obfuscated fashion. The filenames used by the data uploader are not visible to Sohonet Staff. Data encryption at rest is on the FileRunner

4 roadmap and is scheduled for Q4. For increased resilience, three copies of the data are stored at all times Systems Access Sohonet systems administrators manage the Sohonet Storage systems using VPN s and multiple firewalls. Only senior administrators are allowed direct access to the Storage systems. Two-factor authentication is in place for Sohonet staff who login to the VPNs. Each upload and download operation is logged to secure centralized systems, providing a full audit trail for data access. Sohonet retain our access logs permanently. Location The Sohonet FileStore systems are kept in a HIPAA/SOC-compliant Data Center in Downtown Los Angeles, and in London. Access to the data center requires a RFID card, and access to the suite requires a RFID card plus a successful Biometric fingerprint scan. Each storage system rack is protected with a unique code, and no other servers are kept within the same rack. 24/7 CCTV monitoring backed by digital recordings is in place throughout the Data Centre. The Data Center is manned by onsite security staff 24/7. Security audits are conducted regularly and the Data Center undergoes frequent tests for compliance.

5 APPENDIX Sohonet Media Network Security SMN is implemented over infrastructure for which Sohonet has complete control. All IP routing within the SMN is performed on devices solely configured and solely controlled by Sohonet staff. Sohonet actively monitor the network and will take immediate action if it is believed any client has suffered a security breach. The Sohonet global network is built entirely using private point to point connections, and only touches the public internet at specific, controlled gateway points. Sohonet maintains internal security of the network using a number of perimeter network security technologies. These protect the Sohonet network from the outside world and give us additional visibility and control over data crossing the boundary between Sohonet and other networks. We use a range of commercial and in-house developed technologies to continuously scrutinize our own network for these performance and security issues. These include custom IDS (intrusion detection systems) within the network, passive and active scanning of devices on the network and automatic trend monitoring and detection. Sflow and netflow in particular allow us to have an extremely detailed view of the types of traffic moving through our network, both for performance and security purposes, without impacting the performance of our network. Sohonet determined early in the design of Sohonet that the highest levels of security and performance within our global network could only be achieved and continuously maintained if the core routers and servers that control and monitor the network were subject to an extremely high level of monitoring from both a security and performance perspective. This philosophy has allowed Sohonet to proactively update and tune the design of our network core as we have encountered emerging security threats and has allowed us to cope with new production workflows and support new network based production tools. Patching and Configuration management Sohonet systems are automatically patched for all network facing packages, within 2 hours of a patch being made available by the supplier. Sohonet uses a combination of Linux distributions, Ubuntu and Debian. The systems are controlled by configuration management, so all configuration changes are documented in our source control systems.