Altus UC Security Overview




Altus UC Security Overview Description Document Version D2.3

TABLE OF CONTENTS

Network and Services Security

1. OVERVIEW
2. PHYSICAL SECURITY
2.1 FACILITY
ENVIRONMENTAL SAFEGUARDS
ACCESS
NETWORK
3.1 FIREWALL
INTRUSION DETECTION AND PREVENTION
VPN
OPERATIONAL AND ENVIRONMENTAL SECURITY
USER AUTHENTICATION
OPERATIONS MANAGEMENT
INTERNAL NETWORK
SERVER MANAGEMENT
DATABASE
AVAILABILITY
BACKUPS
DISASTER RECOVERY
SENSITIVE DATA
9. NOTICES

1. Overview

Altus Cloud PBX applications and services are running on multiple servers within Altus Cloud PBX Datacenters. Altus Cloud PBX provides applications and services that are assured by the implementation of security and availability methods and procedures designed to cover physical access and protection, network connectivity, remote and local access, application and server management, availability and customer sensitive data.

2. Physical Security

Altus Cloud PBX partners with datacenter operators with years of experience in design, implementation and operation of large-scale datacenters. These facilities provide physical, environmental and access security, protecting BroadCloud PBX physical and virtual application environments.

2.1 Facility

- 24x7 on-site security personnel.
- Nondescript and unmarked facilities with natural boundary protection.
- Silent alarm system with automatic notification of local law enforcement.
- Building code compliance to local governmental standards.

Environmental Safeguards

- Fully redundant HVAC facilities.
- Automatic fire suppression systems, dual alarmed (heat/smoke), dual interlock with cross-linked event management.
- N+1 redundant UPS power system supporting entire datacenter capacity, with redundant backup generators.
- Where appropriate, localized disaster compliance (seismic, flood control).

Access

- Biometric scanning and/or 2-factor authentication for access.
- All ingress/egress through vestibules (man-traps).
- Access requires valid government issued photo ID.
- All access history is recorded for audit.
- Authorization required prior to access, only provided for legitimate business need.
- Shipping and Receiving are walled off from co-location areas.
- For both ingress and egress, all material is inspected upon arrival by on-site security staff.

Network
External network security falls into two generalized categories of firewall protection and intrusion detection and prevention. When peer connections are allowed to the Altus Cloud PBX, VPN peering provides secure access. Additional internal network configuration isolates web, application and database layers to further eliminate possible intrusion.

3.1 Firewall

- The firewalls are configured in multiple zones for tiered security.
- All public access to Altus Cloud PBX applications and services traverses a demilitarized zone (DMZ) for added security.
- The firewalls are configured to only allow traffic specific to Altus Cloud PBX applications and services. All other traffic is restricted.
- Access policies are defined based on UDP/TCP service port, source IP addresses and destination IP addresses.
- Access to a specific application or service is minimized to the smallest possible set of service ports and IP addresses.
- FTP and telnet are blocked both at the firewall, and where necessary, at the server OS level, preventing anonymous access.

Intrusion Detection and Prevention

- Both hardware and software solutions to identify, classify, and stop malicious traffic before it affects application continuity.
- Inline prevention technologies take preventive action on a broad range of threats including Denial of Service (DoS), without the risk of dropping legitimate traffic.
- Network protection from policy violations, vulnerability exploitations, and anomalous activity through detailed inspection of traffic in Layers 2 through 7.

VPN

- Where needed to connect to service provider networks and enhanced content providers, connection out of the network takes place over IPsec or MPLS VPN.
- Strong Encryption is used to provide the highest level of peering security.

Operational and Environmental Security

User Authentication

Users of Altus Cloud PBX applications and services are required to authenticate upon access by means of a valid user ID and password. This and other identifiable information is encrypted by means of SSL (HTTPS) while in transmission from the user's endpoint to/from the Altus Cloud PBX application or service.

Operations Management

- All Altus Cloud PBX personnel have background checks performed prior to hire.
- Restricted access granted only to personnel necessary to perform management, maintenance and monitoring functions.
- Customer ticketing via customer portal, including support history.
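An added example, not part of the Altus document: one way to check an exported rule set against the firewall properties stated in section 3.1 and the tier isolation described under Network. The Rule fields, zone names, addresses and the ports 8443 and 5432 are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

CLEARTEXT = {21: "FTP", 23: "Telnet"}  # services the document says are blocked

@dataclass(frozen=True)
class Rule:                 # hypothetical export format, not a vendor schema
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp" or "any"
    src: str                # source CIDR
    dst_zone: str           # "dmz", "app", "db" (or "any" on the final deny)
    dst: str                # destination CIDR
    port: Optional[int]     # None means every port

def is_any(cidr):
    return ipaddress.ip_network(cidr).prefixlen == 0

def audit(rules):
    """Return findings where the rule set departs from the stated policy."""
    findings = []
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.proto == "any"
            and is_any(last.src) and is_any(last.dst) and last.port is None):
        findings.append("policy does not end in an explicit deny-all")
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.port is None or r.proto == "any":
            findings.append(f"rule {i}: allow without a specific protocol/port")
        if is_any(r.dst):
            findings.append(f"rule {i}: allow to any destination")
        if r.port in CLEARTEXT:
            findings.append(f"rule {i}: permits {CLEARTEXT[r.port]}")
        if r.dst_zone != "dmz" and is_any(r.src):  # public traffic must stop in the DMZ
            findings.append(f"rule {i}: public source reaches {r.dst_zone} zone directly")
    return findings

# Constructed sample rule sets (documentation and private address ranges).
GOOD = [
    Rule("allow", "tcp", "0.0.0.0/0", "dmz", "203.0.113.10/32", 443),
    Rule("allow", "tcp", "203.0.113.10/32", "app", "10.0.2.20/32", 8443),
    Rule("allow", "tcp", "10.0.2.20/32", "db", "10.0.3.30/32", 5432),
    Rule("deny", "any", "0.0.0.0/0", "any", "0.0.0.0/0", None),
]
WEAK = [
    Rule("allow", "tcp", "0.0.0.0/0", "dmz", "203.0.113.10/32", 21),
    Rule("allow", "tcp", "0.0.0.0/0", "db", "10.0.3.30/32", 5432),
    Rule("allow", "any", "10.0.2.0/24", "app", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```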

Internal Network

- Traffic between public and private networks traverses a proxy server located in a demilitarized zone (DMZ) to improve security in the private network.
- Virtual Local Area Networks (VLAN) and firewalls isolate each subnet.
- Maintenance access to systems used to deliver services is through an independent IP subnet.
- Backup connectivity to the management subnet is via out-of-band connectivity to a terminal server using encrypted SSH access, and access to the terminal server is limited to specific Adaption Specific IP addresses.
- Authentication, authorization and accounting on network components are controlled down to the command level.

Server Management

- Servers are fully hardened, removing/disabling unnecessary services (SMTP, Telnet, FTP, etc.).
- Operating system and supporting applications are regularly updated to safeguard against emerging vulnerabilities.
- User account management manages and limits OS user authorization.
- All command line activity is logged and monitored to prevent unauthorized OS user activity.
- Password Control including regular rotation, strong structure, encryption during transmission, and are not stored within Altus Cloud PBX environments.

Database

- Database access is controlled and limited to Altus Cloud PBX operations resources.
- Altus Cloud PBX application layers completely segment Altus Cloud PBX customer data, thus preventing access by any other customer's data or application.
- No external network connectivity allowed on database layer servers.
- Password Control including regular rotation, strong structure, and application specific passwords where necessary.

Availability

- Enterprise and carrier grade hardware utilized throughout the datacenter.
- Physical redundancy server configurations for web, application and database server layers.
- Servers deployed with redundancy across separate physical hosts and separate physical datacenters.
- Redundant connectivity throughout the internal network.

- Multiple ISPs connected and homogenized into the Altus Cloud PBX datacenter to eliminate single point of connectivity failure.
- Highly available storage/disks including redundant power supplies, controllers, RAID 5 arrays with live spares, and network connections.
- All datacenter hardware fed by redundant and disparate commercial power, backed up by UPS and generators.

Backups

- Automation provides regularly scheduled backups of DB and server images.
- Synchronization technology sends regular updates of backups electronically to offsite and geographically disparate storage.
- All local and offsite backups are monitored and automatically retry as needed.
- Altus Cloud PBX code objects are regularly backed up both locally and offsite.
- Backups are tested regularly.

Disaster Recovery

In the event of a service-affecting and potentially long-term outage of a datacenter due to a natural disaster or other cause beyond the control of Altus Cloud PBX, backups can be retrieved from offsite storage, and can rebuild affected applications and services.

Sensitive Data

Altus Cloud PBX recognizes that in some cases, certain end-user sensitive data may exist within the scope of data managed on behalf of its customers. In these cases, additional care will be taken to conform to the local governing laws for this data, regardless of region. This may be in the form of managing such data within the confines of the region, or country. No such sensitive data shall ever be taken out of the Altus Cloud PBX datacenters or its established backup networks. Wherever possible, Altus Cloud PBX will manage sensitive data under these seven guidelines:

- Notice: End-users will be notified upon collection of end-user sensitive data.
- Purpose: The data collected will only be used for the purpose of providing Altus Cloud PBX services.
- Consent: Sensitive data should not be disclosed without the end-user's consent.
- Security: Collected data will be kept safe.
- Disclosure: End-users are to be aware of who is collecting sensitive data.
- Access: End-user should be able to correct inaccurate data.
- Accountability: End-users should be able to hold Altus Cloud PBX accountable for these guidelines.

9. Notices

This document is for informational purposes only. Altus Cloud PBX is continually updating its practices and policies regarding datacenter deployment and security, as