|December 14, 2018 4:36 pm MST|
Secure Document Service (SDS) System
Security is an essential component of the SDS system. Providing an environment for assured access to those with permission, while hiding it from those without is a major feature designed and built into the SDS system from the ground up.
This page should provide you the essential information you need to understand the many security issues and how the SDS system addresses them.
Data flows between the system components as shown in the picture above.
Security of the Data Source
Reports generated by the Cortex Gold system to the SDS servers are sent in two parts; the report itself, and some associated description information used to describe the document.
This information is encrypted during its transfer over the Internet, using both the Secure Socket Layer (SSL) communication protocol and the Secure Shell (SSH) program. Using these standard facilities, the privacy of the information from the Cortex Gold system to the SDS servers is assured.
Data Storage Security
SDS User Account Access Security
In addition to the password protection, the users are required to enter the SDS system from a specific access URL. Logins will be unsuccessful if the user attempts to enter the SDS system from any other URL.
Login attempts with an incorrect account name, password combination cause the system to pause before the user can attempt another attempt. This slows down attempts to guess correct access information.
The Lab's SDS Administrator can create and destroy accounts as needed. Accounts can also be suspended (made 'Inactive') by the SDS Administrator for times when the account user is known to not be needing access to the system. When an account is inactive, no access is allowed even with the proper account name and password.
SDS user accounts cannot be shared. Each person with authorized access to the SDS system must have their own account, and no account can be authenticated to the system at the same time. (Individual user accounts is enforced through policy and single sessions is enforced by the SDS authentication system.)
All sessions employ an 'idle' timeout such that an unattended SDS session is automatically disabled requiring re-authentication when the user wants to access the system again. The default value for this time is 10 minutes.
SDS Document Security Provisions
The Adobe PDF file reader application is free from Adobe and available for quite a number of user system platforms.
All user access to any SDS web page and displayed report is performed using the Secure Socket Layer (SSL) communication protocol which is supported by your browser. The SDS servers have all been fitted with a 128 bit digital certificate to support the transfer of the information to your browser securely.
The SDS reports are encrypted from, before the SDS receives them, until the report is displayed on your browser.
SDS Document Disposition
SDS Server Physical Security and Availability
We use dedicated servers for the SDS system application. These systems are not used for any other purpose, or by any other company.
The servers are running a current commercial version of Linux, which is kept up-to-date to defend against security issues when they are discovered by the computer security industry.
The physical SDS servers are located in secure 'Server Farms' which provide for the 'care and feeding' of the physical boxes. The building is accessible through card key access. Power is delivered to the servers only after passing through power conditioning equipment and is backed up by both battery and gas generators. The network sits behind redundant firewalls setup in a failover array for redundant protection from Denial of Service (DoS) attacks and other hacker activities.
Multiple connections to the internet backbone are provided to increase availability and up-time should a major carrier have problems.
Technical staff members are available 24x7x365 with spare part availability should there be an issue with an SDS server.