MobileCare™ Monitor Operator’s Manual
Copyright 2008 © AFrame Digital, Inc.
33
4.3 Server Security
The AFrame Server stores information about caregivers and residents. The primary
threats to the Server are Internet-based attacks and insider threats. These threats
are countered though a variety of physical, technical, and procedural controls.
To protect against Internet-based threats, the AFrame Server is protected by
external and internal firewalls. The internal firewall implements a default deny
security policy whereby only essential traffic is allowed to reach the system.
Furthermore, the server is hardened to run only essential services. Administrative
access to the server is only permitted via public-key authenticated Secure Shell
(SSH) access and all administrative traffic is protected using strong encryption. To
ensure that the server is not left vulnerable to attack, strict configuration and security
patch management procedures are followed. As an additional measure, AFrame
periodically performs security scanning to validate its security posture.
To protect against internal threats, logical and physical access to the server is strictly
controlled. Server administration is performed under the principle of least privilege,
whereby administrators are given the level of access required to perform their duties
and no more. To ensure that administrators are accountable for their actions, the
system is configured to perform detailed auditing. To ensure that the server is
physically secure, the AFrame Server is hosted in a physically secure facility with
24x7x365 monitoring.
Summary of Contents for MobileCare
Page 2: ......