FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Similar documents
05.0 Application Development

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

How to complete the Secure Internet Site Declaration (SISD) form

Security Whitepaper: ivvy Products

CONTENTS. PCI DSS Compliance Guide

FileCloud Security FAQ

SECURITY DOCUMENT. BetterTranslationTechnology

CONTENTS. Security Policy

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

MIGRATIONWIZ SECURITY OVERVIEW

Security Policy JUNE 1, SalesNOW. Security Policy v v

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Web Plus Security Features and Recommendations

Remote Services. Managing Open Systems with Remote Services

CLOUD FRAMEWORK & SECURITY OVERVIEW

SCOPE OF SERVICE Hosted Cloud Storage Service: Scope of Service

Building Energy Security Framework

U06 IT Infrastructure Policy

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

ADM:49 DPS POLICY MANUAL Page 1 of 5

IBM Connections Cloud Security

by New Media Solutions 37 Walnut Street Wellesley, MA p f Avitage IT Infrastructure Security Document

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Online Vulnerability Scanner Quick Start Guide

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Did you know your security solution can help with PCI compliance too?

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

Cloud Security:Threats & Mitgations

Accellion Security FAQ

Famly ApS: Overview of Security Processes

Comparative study of security parameters by Cloud Providers

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

Basics of Internet Security

Reference Architecture: Enterprise Security For The Cloud

Criteria for web application security check. Version

Client Security Risk Assessment Questionnaire

Technical specifications

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Secure, Scalable and Reliable Cloud Analytics from FusionOps

October P Xerox App Studio. Information Assurance Disclosure. Version 2.0

74% 96 Action Items. Compliance

Sitefinity Security and Best Practices

Passing PCI Compliance How to Address the Application Security Mandates

GiftWrap 4.0 Security FAQ

Use of Exchange Mail and Diary Service Code of Practice

A Decision Maker s Guide to Securing an IT Infrastructure

Guidelines for Web applications protection with dedicated Web Application Firewall

How To Use Egnyte

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

FormFire Application and IT Security. White Paper

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Adworks Local Area Marketing. The way it works

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

What Do You Mean My Cloud Data Isn t Secure?

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

REDCap Technical Overview

DATA SECURITY POLICY. Data Security Policy

Experian Secure Transport Service

SERENA SOFTWARE Serena Service Manager Security

BOLDCHAT ARCHITECTURE & APPLICATION CONTROL

Dooblo SurveyToGo: Security Overview

Enterprise level security, the Huddle way.

Premier Services Program (PSP) Tools: Security Overview

Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Where every interaction matters.

Filestor Digital Asset Management. The way it works

Chapter 8: Security Measures Test your knowledge

FMCS SECURE HOSTING GUIDE

Accellion Security FAQ

CareGiver Remote Support Information Technology FAQ

Cloud Security Framework (CSF): Gap Analysis & Roadmap

join.me architecture whitepaper

SNAP WEBHOST SECURITY POLICY

Projectplace: A Secure Project Collaboration Solution

Altus UC Security Overview

Tk20 Network Infrastructure

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

SHARPCLOUD SECURITY STATEMENT

Our Key Security Features Are:

Information Technology Security Procedures

ITAR Compliant Data Exchange

McAfee SMC Installation Guide 5.7. Security Management Center

December P Xerox App Studio 3.0 Information Assurance Disclosure

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

owncloud Architecture Overview

RemotelyAnywhere Getting Started Guide

SANS Top 20 Critical Controls for Effective Cyber Defense

Business process efficiency is improved with task management, alerts, notifications and automated process workflows.

Security Controls for the Autodesk 360 Managed Services

Workday Mobile Security FAQ

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Research Information Security Guideline

Transcription:

FileRunner Security Overview An overview of the security protocols associated with the FileRunner file delivery application

Overview Sohonet FileRunner is a secure high-speed transfer application that runs in a web browser. The software utilizes no plugins and works by uploading the data into the Sohonet FileStore system (based on OpenStack Swift). Once the files are successfully uploaded, FileRunner then notifies the recipients that the material is ready for download. Architecture Data Transport Data that is uploaded by FileRunner is encrypted by the user's web browser and is secure end-toend. Data downloads are encrypted on the network also using the same security technology. End-toend TLS (Transport Layer Security / RFC 5246) is used with strong encryption utilizing a 2048 bit key length, cipher suites utilised are limited to known strong algorithms. Sohonet audit our TLS security continually. Qualys testing rates our TLS setup (including the encryption) as grade A.

FileRunner Application Server The FileRunner web application is a separate system from that which stores the data to be uploaded or downloaded, Sohonet s private cloud storage service FileStore. FileRunner uses secure limited temporal tokens to access data stored in FileStore, using CORS (cross origin resource sharing). A token issued is only valid for one action, e.g. in order to upload, a token is cryptographically signed, which only allows the HTTP verb PUT or POST, and to download a token is given that only allows the HTTP verb GET. FileRunner has been developed with standard web application technologies (Django Web Framework), which enables rapid, secure development. The framework has built-in protections to avoid common web security problems, such as Cross site scripting (XSS), Cross site request forgery (CSRF), SQL injection, Clickjacking, and Host header validation. The application performs user authentication and role validation, and also controls access to the data. All actions performed are logged to centralised secure logging infrastructure to provide an audit trail. In addition, data that is uploaded or downloaded from Sohonet Media Network connected locations is carried over Sohonet private circuits only, and does not touch the public Internet (see Sohonet Media Network Security in Appendix). Authentication Password strength can be set according to the individual requirements of each customer. We are able to support passwords with requirements based on, number of upper and lower case letters, number of digits, punctuation characters, non ascii characters and number of words. Content Life time Data Expiry Customer s data is stored on Sohonet FileStore for 120 hours. This enables transfer between disparate time zones, even when transferring over an extended weekend. Data will be permanently deleted from the Storage discs 120 hours after upload. This is an automated process and no recovery of the files can be made after this time. Access Period During the 120 hour period of data availability it is possible to set an access window for recipients to download a package. For example, you can upload a package today but not make it available to recipients until tomorrow or only allow the download for the next 12 hours. The access time can be set by the uploading user. Uploaded data is stored on disks within FileStore in a fragmented obfuscated fashion. The filenames used by the data uploader are not visible to Sohonet Staff. Data encryption at rest is on the FileRunner

roadmap and is scheduled for Q4. For increased resilience, three copies of the data are stored at all times Systems Access Sohonet systems administrators manage the Sohonet Storage systems using VPN s and multiple firewalls. Only senior administrators are allowed direct access to the Storage systems. Two-factor authentication is in place for Sohonet staff who login to the VPNs. Each upload and download operation is logged to secure centralized systems, providing a full audit trail for data access. Sohonet retain our access logs permanently. Location The Sohonet FileStore systems are kept in a HIPAA/SOC-compliant Data Center in Downtown Los Angeles, and in London. Access to the data center requires a RFID card, and access to the suite requires a RFID card plus a successful Biometric fingerprint scan. Each storage system rack is protected with a unique code, and no other servers are kept within the same rack. 24/7 CCTV monitoring backed by digital recordings is in place throughout the Data Centre. The Data Center is manned by onsite security staff 24/7. Security audits are conducted regularly and the Data Center undergoes frequent tests for compliance.

APPENDIX Sohonet Media Network Security SMN is implemented over infrastructure for which Sohonet has complete control. All IP routing within the SMN is performed on devices solely configured and solely controlled by Sohonet staff. Sohonet actively monitor the network and will take immediate action if it is believed any client has suffered a security breach. The Sohonet global network is built entirely using private point to point connections, and only touches the public internet at specific, controlled gateway points. Sohonet maintains internal security of the network using a number of perimeter network security technologies. These protect the Sohonet network from the outside world and give us additional visibility and control over data crossing the boundary between Sohonet and other networks. We use a range of commercial and in-house developed technologies to continuously scrutinize our own network for these performance and security issues. These include custom IDS (intrusion detection systems) within the network, passive and active scanning of devices on the network and automatic trend monitoring and detection. Sflow and netflow in particular allow us to have an extremely detailed view of the types of traffic moving through our network, both for performance and security purposes, without impacting the performance of our network. Sohonet determined early in the design of Sohonet that the highest levels of security and performance within our global network could only be achieved and continuously maintained if the core routers and servers that control and monitor the network were subject to an extremely high level of monitoring from both a security and performance perspective. This philosophy has allowed Sohonet to proactively update and tune the design of our network core as we have encountered emerging security threats and has allowed us to cope with new production workflows and support new network based production tools. Patching and Configuration management Sohonet systems are automatically patched for all network facing packages, within 2 hours of a patch being made available by the supplier. Sohonet uses a combination of Linux distributions, Ubuntu and Debian. The systems are controlled by configuration management, so all configuration changes are documented in our source control systems.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information