TECHNICAL NOTES BrightSign Network Security Statement BrightSign, LLC. 16795 Lark Ave., Suite 200 Los Gatos, CA 95032 408-852-9263 www.brightsign.



Similar documents
Security Features: Lettings & Property Management Software

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

December P Xerox App Studio 3.0 Information Assurance Disclosure

Security Whitepaper: ivvy Products

CTS2134 Introduction to Networking. Module Network Security

INSTALLATION GUIDE. BrightSign Network Enterprise Edition 3.5

USER GUIDE. Diagnostic Web Server FW ver BrightSign, LLC Lark Ave., Suite B Los Gatos, CA

Security Policy JUNE 1, SalesNOW. Security Policy v v

Autodesk PLM 360 Security Whitepaper

Security + Certification (ITSY 1076) Syllabus

KeyLock Solutions Security and Privacy Protection Practices

TECHNICAL NOTES. Editing Firmware Update Files in BSNEE. BrightSign, LLC Lark Ave., Suite B Los Gatos, CA

USER GUIDE. Diagnostic Web Server FW ver BrightSign, LLC Lark Ave., Suite B Los Gatos, CA

Dooblo SurveyToGo: Security Overview

Retention & Destruction

PATCH MANAGER what does it do?

Check Point Security Administrator R70

Tk20 Network Infrastructure

Network/Cyber Security

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Apteligent White Paper. Security and Information Polices

How To - Implement Clientless Single Sign On Authentication with Active Directory

Security and Information Policies

Famly ApS: Overview of Security Processes

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

IBX Business Network Platform Information Security Controls Document Classification [Public]

Adobe Digital Publishing Security FAQ

SysAid IT On-Demand Architecture Including Security and Disaster Recovery Plan

Alliance Key Manager A Solution Brief for Technical Implementers

Advanced Higher Computing. Computer Networks. Homework Sheets

Client Security Risk Assessment Questionnaire

Data Security Policy THE CTA. Guardian Electrical Solutions Ltd DATA SECURITY POLICY. Reviewed and approved by the Company Secretary Richard Roebuck

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

VMware vsphere Data Protection

Technical Proposition. Security

Orbograph HIPAA/HITECH Compliance, Resiliency and Security

Internet Banking Internal Control Questionnaire

74% 96 Action Items. Compliance

Understanding Sage CRM Cloud

Nixu SNS Security White Paper May 2007 Version 1.2

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

Dashlane Security Whitepaper

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

StreamServe Persuasion SP5 Control Center

Passing PCI Compliance How to Address the Application Security Mandates

Five keys to a more secure data environment

THE OPEN UNIVERSITY OF TANZANIA

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

THE TOP SECURITY QUESTIONS YOU SHOULD ASK A CLOUD COMMUNICATIONS PROVIDER

Cloud Security Overview

Zerto Virtual Manager Administration Guide

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

BOWMAN SYSTEMS SECURING CLIENT DATA

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

Security and Data Protection for Online Document Management Software

PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]

October P Xerox App Studio. Information Assurance Disclosure. Version 2.0

Hack Proofing Your Organization

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

TECHNICAL WHITE PAPER. Symantec pcanywhere Security Recommendations

Core Solutions of Microsoft Lync Server 2013

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

Question 5: We inquire into whether the new dependent is the first child, as this give the advisor more context and avenues to assist the client.

The Importance of a Resilient DNS and DHCP Infrastructure

Information Security for the Rest of Us

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

INCIDENT RESPONSE CHECKLIST

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

<COMPANY> PR11 - Log Review Procedure. Document Reference Date 30th September 2014 Document Status. Final Version 3.

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

Mirantis OpenStack Express: Security White Paper

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

DocAve 4.1 SharePoint Disaster Recovery High Availability (SPDR HA) User Guide

The Bomgar Appliance in the Network

FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

Media Shuttle s Defense-in- Depth Security Strategy

Active Directory Services with Windows Server

Active Directory Services with Windows Server

Enterprise level security, the Huddle way.

SysAid Cloud Architecture Including Security and Disaster Recovery Plan

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Security in the Sauce Labs Cloud

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Building Energy Security Framework

InterCall Streaming Services Security Planning and Testing

SECURITY DOCUMENT. BetterTranslationTechnology

CA ARCserve and CA XOsoft r12.5 Best Practices for protecting Microsoft Exchange

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Transcription:

TECHNICAL NOTES BrightSign Network Security Statement BrightSign, LLC. 16795 Lark Ave., Suite 200 Los Gatos, CA 95032 408-852-9263 www.brightsign.biz

INTRODUCTION For a cloud-based content management and distribution network, database security and server reliability should be of the highest prioirty. The BrightSign Network has been built with these principles in mind. This document provides a general overview of security and recovery architecture for the BrightSign Network. Note that some specific information may be withheld for security purposes. Physical Security All BrightSign Network servers are hosted using Amazon Web Services (AWS). Amazon strictly controls physical access to its platform infrastructure using military-grade perimeter control, as well as state-of-the art surveillance and intrusion-detection systems. Access to the Amazon data centers is limited only to Amazon employees with legitimate business needs, and each grant of access is revoked once an individual s business need expires, even if the individual is still an employee of Amazon. All physical and electronic access to data centers by employees is logged and routinely audited. Virtual Data Center Security All communication with the BrightSign Network is mediated by two pairs of gateway servers. All calls to BrightSign Network domains are directed to these gateways. Each gateway communicates with a specific set of BrightSign Network nodes, and each pair of gateways is assigned traffic from a geographically distinct part of the globe. Nodes located within the security group (i.e. behind the gateways) can communicate directly with each other because they have a list of internal IP addresses; however, these addresses are not communicated outside of the security group. Technical Notes 1

DDoS Protection The gateway servers protect internal nodes from being overloaded in case of a distributed denial of service (DDoS) attack. Furthermore, there are backup gateway servers that are running warm 24 hours a day and can immediately come online if one or more gateway becomes overloaded with connections. Each gateway also has process code for the other gateways installed on it, so all gateways can be rotated to different routings or geographical assignments in event of an attack. General Disaster Recovery Each BrightSign Network server node has a backup server that can take over in case of unscheduled downtime. The database server for the BrightSign Network has both a mirror and a backup that frequently update to prevent data loss in event the production database goes offline. All active server nodes are monitored by scripts that notify BrightSign IT personnel less than a minute after a problem arises with a node. Protection Against Intrusion Attacks Quarterly scans are carried out to check for hacking and intrusion attempts. All server operating systems are also protected with industry-standard virus detection software. All BrightSign Network account passwords are hashed and salted. Once a password is generated, it is impossible for even BrightSign IT personnel to obtain the password from the BSN database. Furthermore, only a very limited subset of individuals at BrightSign have the credentials for root access to the BSN database. Application and Communications Security The BrightSign Network interacts with digital signage environments by communicating with BrightSign devices, BrightAuthor software, and the BSN API (i.e. the browser-based BSN WebUI). Devices The BrightSign Network and BrightSign devices communicate with each other using HTTPS, rather than HTTP. The BrightSign Network requires a device to authenticate itself with a hashed and salted phrase before it can download content. Technical Notes 2

BrightAuthor BrightAuthor requires BSN account authentication before affecting changes on the BrightSign Network. All communication between BrightAuthor and the BrightSign Network is carried out using HTTPS. BSN API Every API call requires account authentication before affecting changes on the BrightSign Network or returning content from the database. Data Center Operation Block Diagram Technical Notes 3

Notes * During normal operations, the Remote Monitoring Server only receives updates from the Monitoring Server within Data Center 1. If the Remote Monitoring Server is no longer receiving updates from the Monitoring Server, it will switch to receiving information directly from each Gateway, Application, and Database node. ** The Database Servers in Data Center 2 constantly mirror the Database Servers in Data Center 1. *** The Monitoring Server in Data Center 2 reports to the Monitoring Server in Data Center 1. Technical Notes 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information