SECURITY

GENERAL

The U-turn is software that can be used to extract, transform and load data from a variety of sources and destinations. This document describes the different security measures taken so that all (sensitive) data is protected.

The U-turn uses an Organisation SSL certificate. This certificate is provided by GlobalSign CA. Every day numerous security scans are performed by a third party to ensure that there are no vulnerabilities in the software. The results of these scans are reported.

DATA CENTER - ENVIRONMENTAL SAFEGUARDS
The data centers are state of the art, utilizing innovative architectural and engineering approaches.

Fire detection and suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Power
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.

Climate and temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels. The datacenter monitors electrical, mechanical and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

DATA CENTER - CONFIGURATION MANAGEMENT

Emergency, non-routine, and other configuration changes to existing datacenter infrastructure are authorized, logged, tested, approved, and documented in accordance with industry norms for similar systems. Updates to the datacenter's infrastructure are done so as to minimize any impact on the customer and their use of the services.

DATA CENTER - NETWORK SECURITY

The network provides significant protection against traditional network security issues and the customer can implement further protection. The following are a few examples:

Distributed Denial Of Service (DDOS) attacks
The datacenter Application Programming Interface (API) endpoints are hosted on large, Internet-scale, world-class infrastructure that benefits from the same engineering expertise that has built our datacenter vendor into the world's largest online retailer. Proprietary DDoS mitigation techniques are used. Additionally, the datacenter networks are multi-homed across a number of providers to achieve Internet access diversity.

Man In The Middle (MITM) attacks
All of the datacenter APIs are available via SSL-protected endpoints which provide server authentication. Customers can then use the secure APIs to call the console and access the host certificates before logging into the instance for the first time. Customers are encouraged to use SSL for all of their interactions with datacenter.

IP Spoofing
The hosted virtual machine instances cannot send spoofed network traffic. The datacenter-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.

Port scanning
Unauthorized port scans by datacenter customers are a violation of the datacenter Acceptable Use Policy. Violations of the datacenter Acceptable Use Policy are taken seriously, and every reported violation is investigated. Customers can report suspected abuse via the contacts available on a website. When unauthorized port scanning is detected it is stopped and blocked. Port scans of instances in the datacenter are generally ineffective because, by default, all inbound ports on datacenter instances are closed and are only opened by the customer. The customer's strict management of security groups can further mitigate the threat of port scans. If the customer configures a security group to allow traffic from any source to a specific port, then that specific port will be discoverable by a port scan. In these cases, the customer must use appropriate security measures to protect listening services that may be essential to their application from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80 (HTTP) open to the world, and the administrator of this server is responsible for the security of the HTTP server software, such as Apache.

Packet sniffing by other tenants
It is not possible for a virtual instance running in promiscuous mode to receive or sniff traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer and located on the same physical host cannot listen to each other's traffic. Attacks such as ARP cache poisoning do not work within the datacenter. While the datacenter does provide ample protection against one customer inadvertently or maliciously attempting to view another's data, as a standard practice customers should encrypt sensitive traffic.

DATA CENTER - INSTANCE SECURITY

Security within instances in the datacenter is provided on multiple levels: the operating system (OS) of the host system, the virtual instance operating system or guest OS, a firewall, and signed API calls. Each of these items builds on the capabilities of the others. The goal is to prevent data contained within instances from being intercepted by unauthorized systems or users, and to provide instances that are as secure as possible without sacrificing the flexibility in configuration that customers demand. There are multiple levels of security in use:

Host Operating System
Administrators with a business need to access the management plane are required to use multifactor authentication to gain access to purpose-built administration hosts. These administrative hosts are systems that are specifically designed, built, configured, and hardened to protect the management plane of the cloud. All such access is logged and audited. When an employee no longer has a business need to access the management plane, the privileges and access to these hosts and relevant systems are revoked.

Guest Operating System
Virtual instances are completely controlled by the customer. Customers have full root access or administrative control over accounts, services, and applications. The datacenter does not have any access rights to customer instances and cannot log into the guest OS.

Firewall
The datacenter provides a complete firewall solution; this mandatory inbound firewall is configured in a default deny-all mode and we as Mooqe must explicitly open the ports needed to allow inbound traffic. The traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). The firewall can be configured in groups, permitting different classes of instances to have different rules. Consider, for example, the case of a traditional three-tiered web application. The group for the web servers would have port 80 (HTTP) and/or port 443 (HTTPS) open to the Internet. The group for the application servers would have port 8000 (application specific) accessible only to the web server group. The group for the database servers would have port 3306 (MySQL) open only to the application server group. All three groups would permit administrative access on port 22 (SSH), but only from the customer's corporate network. Highly secure applications can be deployed using this expressive mechanism. See the diagram below. The firewall isn't controlled through the Guest OS; rather, it requires the customer's X.509 certificate and key to authorize changes, thus adding an extra layer of security.
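The following is an added example, not code from Mooqe or the datacenter vendor, that models the three-tier security-group layout above as a default-deny policy: a request is allowed only when a rule of the destination group matches both the port and the source (a CIDR block or membership of another group). Group names, instance addresses and the corporate network are constructed assumptions; the audit helper lists the ports that are open to any source, which the text singles out as the ones the administrator must harden.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Model of the default-deny, group-based inbound firewall described above;
# group names, ports and addresses are constructed for this example.
@dataclass(frozen=True)
class Rule:
    port: int
    source_cidr: Optional[str] = None   # allow from an IP/CIDR block
    source_group: Optional[str] = None  # allow from members of another group

CORPORATE_NET = "198.51.100.0/24"  # assumed corporate network (documentation range)

# Three-tier layout from the text: web open to the Internet, app only from web,
# db only from app, SSH on every tier only from the corporate network.
GROUPS: Dict[str, List[Rule]] = {
    "web": [Rule(80, source_cidr="0.0.0.0/0"), Rule(443, source_cidr="0.0.0.0/0"),
            Rule(22, source_cidr=CORPORATE_NET)],
    "app": [Rule(8000, source_group="web"), Rule(22, source_cidr=CORPORATE_NET)],
    "db": [Rule(3306, source_group="app"), Rule(22, source_cidr=CORPORATE_NET)],
}
# Constructed inventory: which instance addresses belong to which group.
MEMBERS = {"web": {"10.0.1.10", "10.0.1.11"}, "app": {"10.0.2.10"}, "db": {"10.0.3.10"}}

def group_of(ip: str) -> Optional[str]:
    """Return the security group an instance address belongs to, if any."""
    return next((g for g, ips in MEMBERS.items() if ip in ips), None)

def is_allowed(src_ip: str, dst_group: str, port: int) -> bool:
    """Default deny: True only when a rule of dst_group matches source and port."""
    src = ipaddress.ip_address(src_ip)
    for rule in GROUPS.get(dst_group, []):
        if rule.port != port:
            continue
        if rule.source_cidr and src in ipaddress.ip_network(rule.source_cidr):
            return True
        if rule.source_group and group_of(src_ip) == rule.source_group:
            return True
    return False  # no matching rule: the port stays closed

def world_exposed_ports() -> Dict[str, List[int]]:
    """Audit: ports open to any source, the case the text says must be hardened."""
    exposed = {}
    for name, rules in GROUPS.items():
        ports = [r.port for r in rules if r.source_cidr
                 and ipaddress.ip_network(r.source_cidr).prefixlen == 0]
        if ports:
            exposed[name] = sorted(ports)
    return exposed
```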

User credentials
All user credentials used to access Mooqe's software, or to access environments such as ERP software environments, are salted and encrypted.

User passwords
When a new user account is created, its password is generated automatically; it has a minimum length and is a combination of upper-case, lower-case and special characters.

Cleansing
When a user environment is no longer used, it is deleted after 3 months. This means that all data related to that account is removed; Mooqe won't be able to restore it. As a result, none of the customer data remains stored anywhere within the Mooqe network.
