Data protection
Protection against unauthorised access to database
The FCS database is accessed by several users. These are bound to roles, depending on whether they represent “normal users”, “forum administrators” or “system administrators”.
Protection against unauthorised access to content (individual facts)
Every access to individual facts (read or write access) must go through a central authentication module. That way, possible sources of error during authentication can be minimised. The distribution of permissions is mirrored in an underlying database structure. Permission requests are implemented as functions in the database.
Protection against changes
Since the FCS is designed for versioning, the functionality of modification of data is strained. With versioning of the data, a return to older versions of information is possible. The aforementioned restrictions apply here too.
Protection against third-party access
Protection against third-party access on the FCS
By using a granular permissions concept, it is possible to decide at user/group level who has access to what and in which way. Here, permissions can be distributed more granularly than in other operating systems.
Protection against third-party access on the system level
Only factline-internal employees can access our servers (shell accounts). 2 factline employees have root permissions on our servers. Data managed by the FCS can only be accessed from the FCS server (webserver), just as data from the database is accessible from the database server only.
Physical third-party access
Our servers are housed in verified buildings: remote video, audio control, admittance for authenticated personnel only.
Server operation
Where?
Hetzner in Germany
Who?
factline Webservices GmbH
Reliability
All components on our processors that are subject to wear are designed redundantly and are additionally kept in stock in the service center. Thanks to these redundancies, a necessary replacement of spare parts can be moved to nights or weekends. Air conditioning, redundant electricity supply, emergency diesel power and UPS (uninterruptible power supply), redundant internet connections.
Availability
Mon-Fri 08:00 – 22:00 / Sat 10:00 – 17:00: attendance in the data processing center. In addition, the service personnel are available by phone and e-mail.
Service availability
0-24/365
Permissions
Hardware permissions
Only employees of the data processing center, with access control and on our prior instruction.
Login accounts
factline employees (long-time developers)
IP-based restrictions, domain-based restrictions, only shell accounts. “no X”,...
Required services limited
ftp, ssh, smtp, domain, pop3, imap, https, pop3s, 1997
Root permissions
2 persons
Firewalls
Both hardware- and software-based firewalls are in use.
Server operation – coupling to domain (permissions management)
In server operation, the possible restrictions are nearly unlimited. The following ones have already been used:
VPN
Webserver accessible via tunnels that have been set up.
ACCESS/DENY levels
At the virtual-host level, IP-rroms or subdomains (e.g. *.factlink.net) can be activated.
HTTPS
Possible on request. Recommended by factline since the connection is encrypted.
User access (SSO)
Possible via an LDAP gateway of the AD/domain.