
Esferico Security Policy and Advice

Esferico ltd. take your security and privacy extremely seriously. Not only is our founder and managing director a Chartered IT Professional with a specialism in Cybersecurity, it is a subject that he also teaches to Higher Education students. It is no wonder, then, that he extends the policies that he teaches into Esferico and its clients.

Database

Currently, Esferico ltd. support two different types of database with the Pergamon product line. The Networked installation utilises an RDBMS installed locally, so its security and encryption are out of our hands. However, all of the professional databases recommended (PostgreSQL, MySQL, MSSqlServer etc.) possess a high level of security and encryption, usually the equivalent of our stand-alone installations.

Stand-alone databases utilise the SQLite database environment. It is Esferico ltd. policy that all SQLite databases have encryption turned on as standard. The database is encrypted using AES, the first and only publicly available cipher standard approved by the NSA for storage of top-secret information.

Advice on Authentication and Non-Repudiation

While Esferico provide two standard user account examples ('user' and 'pupil') with each installation in addition to the top-level 'admin' account, it is Esferico's strongest possible advice that these two accounts are not used and that they are either deleted (after suitable replacements are created) or that they have their passwords changed and stored in the organisation (e.g. school) safe.

It is normal data security policy that database access is provided through accounts created solely for single individuals, so that specific individual authentication can take place, as well as non-repudiation (users being unable to deny actions they have undertaken).

Use of a single account by multiple people, or the use only of an open account, not only allows repudiation of actions but also increases the chances that login information is accidentally revealed to third parties. All users, both staff and assistants, should have their own accounts and should protect those accounts themselves (current passwords, for example, should not even be shared with IT support staff).

If in doubt, please consult your assigned local data controller.

Support involving data investigation

In the rare event that Esferico ltd. are required to investigate a problem with your database off-site, it is strongly advised that a backup copy (in addition to your normal everyday backup) is made of your data and then the readers are obfuscated using the provided manager level tool.

This tool will encrypt your reader names and any contact names with the AES standard, using both the internal Pergamon security key and your specific installation license, then represent them in Base64. The reader record is therefore still available and can be investigated, but no knowledge of the reader's name or contact details is available to the support staff off-site. This enforces the data protection security requirement for personal information that individuals cannot be specifically identified by the data.

This process is circular: running the obfuscate tool a second time will return the readers to normal. The readers should be de-obfuscated either immediately (if the database is being investigated but not altered off-site) or when the database is returned (if data corrections are being made).




pergamonmu/quickstart/security.txt · Last modified: 2017/09/01 15:23 by admin