LBSEC. http://www.liveboxcloud.com



Similar documents
REQUIREMENTS LIVEBOX.

FileCloud Security FAQ

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Security Overview Enterprise-Class Secure Mobile File Sharing

Sync Security and Privacy Brief

Acronis and Acronis Secure Zone are registered trademarks of Acronis International GmbH.

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith


Project X Mass interception of encrypted connections

Sophos Mobile Control SaaS startup guide. Product version: 6

DiamondStream Data Security Policy Summary

Cornerstones of Security

isupplier PORTAL ACCESS SYSTEM REQUIREMENTS

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

Is Your SSL Website and Mobile App Really Secure?

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Secure Your Mobile Workplace

BEGINNER S GUIDE TO SSL CERTIFICATES: Making the best choice when considering your online security options

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

SSL Certificates 101

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Security Policy Revision Date: 23 April 2009

The Security Behind Sticky Password

Interact Intranet Version 7. Technical Requirements. August Interact

White Paper. BD Assurity Linc Software Security. Overview

Novell Access Manager SSL Virtual Private Network

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

Web-Based Data Backup Solutions

Mobile Admin Security

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Instructions for use the VPN at the Warsaw School of Economics

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Detailed Description about course module wise:


INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.1 R4)

Workday Mobile Security FAQ

Where every interaction matters.

Server Software Installation Guide

Interwise Connect. Working with Reverse Proxy Version 7.x

Xerox DocuShare Security Features. Security White Paper

Access Your Cisco Smart Storage Remotely Via WebDAV

NSi Mobile Installation Guide. Version 6.2

Overview. SSL Cryptography Overview CHAPTER 1

SecurEnvoy Security Server. SecurMail Solutions Guide

Catapult PCI Compliance

Passing PCI Compliance How to Address the Application Security Mandates

Client System Requirements for Brainloop Secure Dataroom as of Version 8.30

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

Sichere Software- Entwicklung für Java Entwickler

Xerox Mobile Print Cloud

MAC Web Based VPN Connectivity Details and Instructions

Secure Web Appliance. SSL Intercept

2X SecureRemoteDesktop. Version 1.1

HTTPS Inspection with Cisco CWS

Content Teaching Academy at James Madison University

Introduction. Purpose. Background. Details

Windows Web Based VPN Connectivity Details & Instructions

CTERA Agent for Mac OS-X

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

What is an SSL Certificate?

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

Healthcare Compliance Solutions

Accessing TP SSL VPN

Installation and Upgrade Guide

General tips for increasing the security of using First Investment Bank's internet banking

Using etoken for SSL Web Authentication. SSL V3.0 Overview

LiveBox Manual WEB USER.

You re FREE Guide SSL. (Secure Sockets Layer) webvisions

SSL BEST PRACTICES OVERVIEW

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)

Server Installation ZENworks Mobile Management 2.7.x August 2013

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Secure Traffic Inspection

Security IIS Service Lesson 6

Experian Secure Transport Service

Security Features 01/01/2014

SSL/TLS: The Ugly Truth

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: Document Version:

Live Guide System Architecture and Security TECHNICAL ARTICLE

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Installing and Configuring WhatsUp Gold

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Request Manager Installation and Configuration Guide

SchoolBooking SSO Integration Guide

Apache Server Implementation Guide

Guidelines for Web applications protection with dedicated Web Application Firewall

owncloud Architecture Overview

v7.8.2 Release Notes for Websense Content Gateway

Beginner s Guide to SSL Certificates

Setup Guide Access Manager Appliance 3.2 SP3

CA Performance Center

InTouch Access Anywhere

Transcription:

2014 LBSEC http://www.liveboxcloud.com

LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee for a specific purpose. LiveBox Srl reserves the right to review this publication and to make changes to the content, anytime, without any obligation to notify it to any person or entity about that revisions or changes. In addition, LiveBox Srl does not release declarations or guarantees about any software e in particular does not recognise any expressed or implied commercial or suitable guarantee for a specific purpose. LiveBox Srl reserves the right to review this publication and to make changes to any LiveBox software part, anytime, without any obligation to notify any person or entity about said revisions or changes. 2013-2014 LiveBox Srl. All rights reserved. Any part of this publication can be reproduced, duplicated, stored on a recovery system, or sent without the editor s expressed written approval. http://www.liveboxcloud.com 1

LiveBox is a private cloud software that allows you to store, share and edit data stored in a corporate datacenter offering a high security level. It is a multiplatform system accessibile from any mobile and remote device that guarantees business continuity and protects corporate files at all times. For further details regarding LiveBox platform functionality and the use of its applications we ask you to refer to our web site: http://www.liveboxcloud.com and to the technical documentation contained in it. LiveBox Support Team http://www.liveboxcloud.com 2

Index 1. LIVEBOX, A PRIVATE FILE SHARING... 4 2. SECURITY... 4 2.1 REMOTE WIPE... 5 2.2 PENETRATION TEST... 5 2.3 SECURE CODE (NO REVERSE ENGINEERING)... 5 2.4 PIN USE... 5 2.5 HTTPS PROTOCOL... 6 2.6 ANTIVIRUS... 6 http://www.liveboxcloud.com 3

1. LIVEBOX, A PRIVATE FILE SHARING LiveBox is a private file sharing platform with a client/server architecture. The server is located within the customer infrastructure, ensuring privacy and security of the data. Having an internet connection with public IP (or recorded on a dynamic naming service) it is possible to guarantee remote accessibility. It can be realized from standard compatible browsers HTML5 (IE 10, Firefox, Chrome, Opera, Safari), from OS Android systems (4.x), from ios systems (from 6.x), from Windows systems (from XP SP3, 32 bit or 64 bit), from Mac OSX (>= 10.7). During 2014 will ensure the platform support Windows Phone 8. Two paradigms lead our development platform: - Installation and use inside your own hardware infrastructure. - Sharing contents, in a private and secure way, without files relocation. 2. SECURITY Usually LiveBox organizes his security divided in two areas: 1) Transport protocol security: HTTPS protocol performes secure transactions between client and server, through Intranet or Internet communications. Data is encrypted by the server before transfer, this is achieved using a protected communication channel established through a web certificate. 2) Data security: Data location: Data is located in the client s infrastructure, so its informations are saved on the client s repository. This guarantees that corporate data is always located inside the corporate infrastructure, providing tracing systems and data leak prevention. Encrypted data: Content data is encrypted, using a PIN Code chosen by the user during first login on the platform, this PIN is known only to the final user and does not reside on the server platform. Data is saved on the mobile device encrypted with AES 256 symmetrical encryption, also using the hash of the PIN code chosen by the user. The symmetrical key encryption allows a fast encryption and decryption data, ensuring computing power friendly access for both the client and server. Asymmetrical key privacy: Data on the user s disk is encrypted using the PIN Code, preventing users with administrative permissions or root users from accessing the data. LiveBox user s device allows to separate data encryption from the security of the operating system hosting of the application. http://www.liveboxcloud.com 4

2.1 REMOTE WIPE The system allows system admins of LiveBox applications to disable access from a pre authorized device. In this way is possible to disable the access to the data for remote users with expired authorization or to disable access on stolen or lost devices. 2.2 PENETRATION TEST The LiveBox system has passed the penetration tests of the top 10 Oswap 2013 (Open Web Application Security Project), with the following results: Injection (A1) Broken Authentication and Session Management Cross Site Scripting (XSS) (A3) Insecure Direct Object Reference (A4) Unvalidated Redirects and Forwards (A10) This analysis has been performed using Acunetix v.8 a specialized commercial software for penetration testing on web applications. 2.3 SECURE CODE (NO REVERSE ENGINEERING) LiveBox application code is encrypted, this is done to prevent reverse engineering of the application by an OS admin user or a spiteful user. 2.4 PIN USE The PIN, within LiveBox system, corresponds to the user s private key. The user can encrypt or decrypt his files, in a selective way using this PIN code. This operation does not prevent sharing encrypted files with other users. http://www.liveboxcloud.com 5

2.5 HTTPS PROTOCOL HTTPS protocol is utilized to encrypt transport data from the device through which the user can login on the Livebox system, independently from the intermediate network path, preventing data tampering, falsification, and interception. The HTTPS protocol used in Livebox is characterized by an SSL (Secure Socket Layer) cryptography system with unilateral TLS. This is the web-server that authenticates on client, upon first login. LiveBox uses cookies to provide advanced functionality on the LiveBox web portal, the user has to accept Cookie Use during the first login access from a browser, this also enables two-step authentication for added security. The cookie is used during first access (user credentials). As soon as the Pin is set, this is used only by previously authorized devices to enable chat sessions in a secure and privacy oriented environment. The authentication is divided into four levels: - Server authentication on client (trasport-network level): the client verifies the server s identity through the web certificate, authorization is granted by a class 1 Certification Authority already installed in the root certificate of the user s browser. The SSL session on the web server ensures that the transport between client and server is protected on the network level. - User authentication (user-network level): the user enters credentials (local or on server remote LDAP/AD) to download the application; Livebox server contacts it s internal DB (if the user is a local one) or LDAP remote server, through a LAN connection, using the LDAP proxy reverse role (without compromising the local password or user domain). - Cookie authentication (application device level): once a user s device is correctly authenticated it releases a cookie that certifies the connection with Livebox server. The session is authenticated by the application server layer in order to verify that the user s connection device was previously authorized with a previous successful login. - PIN authentication (applicative - user level): the LiveBox application on the device is unlocked using the user s PIN code, a hash of this PIN code is used to encrypt data transfers to the application level and on the local file system. 2.6 ANTIVIRUS LiveBox system is secure against content alteration and from operating system file modifications, this is achieved by preventing execution of suspicious files. An additional protection level from the effects of virus infections is depends on files being locally saved in the disk space without extensions. In this case, even a localized Trojan inside the server can not execute code locally through registered files, as everything is encrypted. The system can easily be protected before an infected file is saved tothe local storage. The file passes through a common proxied protocol such as http/https, making inspection by proxy antivirus software, such as the Open Source (HVProxy) or commercial solutions like (F-Secure Proxy server, Symantec Gateway Antivirus, Firewall UTM Fortigate Antivirus) trivial. http://www.liveboxcloud.com 6

Figura 1: The LiveBox system resisting a virus infection; using a proxy Antivirus is it is possible to prevent the diffusion toward other clients. http://www.liveboxcloud.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information