factline data security
 
  1. Data protection

    1. Protection against unauthorised access to database
      The FCS database is accessed by several users. These are bound to roles, depending on whether they represent “normal users”, “forum administrators” or “system administrators”.

    2. Protection against unauthorised access to content (individual facts)
      Every access to an individual fact (read or write) must go through a central authentication module. This minimises possible sources of error during authentication. The assignment of permissions is mirrored in an underlying database structure. Permission requests are implemented as functions in the database.

    3. Protection against changes
      Since the FCS is designed for versioning, the ability to modify data is restricted. Because the data is versioned, a return to older versions of information is possible. Of course, the aforementioned restrictions apply here too.

  2. Protection against third-party access

    1. Protection against third-party access on the FCS
      A granular permissions concept makes it possible to decide, at user and group level, who has access to what and in which way. Here, permissions can be assigned more granularly than in other operating systems.

    2. Protection against third-party access on the system level
      Only internal factline employees can access our servers (shell accounts).
      2 factline employees have root permissions on our servers. Data managed by the FCS can only be accessed from the FCS server (web server), just as data in the database is accessible from the database server only.

    3. Physical third-party access
      Our servers are housed in verified buildings: remote video, audio control, admittance for authenticated personnel only.

  3. Server operation

    1. Where?
      Hetzner in Germany

    2. Who?
      factline Webservices GmbH

    3. Reliability
      All wear-prone components of our machines are designed redundantly and are additionally held in stock at the service center. Thanks to this redundancy, a necessary replacement of parts can be deferred to nights or weekends. Air conditioning, redundant electricity supply, emergency diesel power and UPS (uninterruptible power supply), redundant internet connections.

    4. Availability
      Mon-Fri 08:00 – 22:00 / Sat 10:00 – 17:00: attendance in the data processing center. In addition, the service personnel are available by phone and e-mail.

    5. Service availability
      0-24/365

  4. Permissions

    1. Hardware permissions
      Only employees of the data processing center, subject to access control and on our prior instruction.

    2. Login accounts
      factline employees (long-time developers)
      IP-based restrictions, domain-based restrictions, shell accounts only, “no X”, ...

    3. Limited to required services
      ftp, ssh, smtp, domain, pop3, imap, https, pop3s, 1997

    4. Root permissions
      2 persons

    5. Firewalls
      Both hardware- and software-based firewalls are in use.

  5. Server operation – coupling to domain (permissions management)

In server operation, the possible restrictions are nearly unlimited.

The following have already been used:

    1. VPN
      Web server accessible over established tunnels.

    2. ACCESS/DENY levels
      At the virtual-host level, IP ranges or subdomains (e.g. *.factlink.net) can be activated.

    3. HTTPS
      Possible on request. Recommended by factline since the connection is encrypted.

    4. User access (SSO)
      Possible via an LDAP gateway to the AD/domain.




Metainfo:
Author: factline Webservices GmbH; Copyright: factline Webservices GmbH; Published by: factline Webservices GmbH (factline2)
factID: 1223937.1; Published on 07 Aug. 2008 09:36