Web Interface Security
Premier Services Program (PSP) Tools: Security Overview
7
Web Interface Security
Users log in to the PSP tools through a secure web interface. The user has the option to encrypt the data
transfer as well for the PSP connection session. The connection between the browser and the web server
is secured through industry-standard procedures and protocols, as follows:
1024-bit authentication and SSL or TLS.
The level of communications encryption is negotiated with the
client browser and supports up to 256-bit encryption.
User ID and password.
Passwords are stored (one-way-encryption) through a secure hash algorithm
version 1 (SHA-1) hash so that they cannot be recovered as plain text even with direct database access.
PSP Analytics Application Security
The PSP application is secured with a combination of internal policies and network security measures.
Internal policies that safeguard the hosted application include the following:
●
Strict rights management.
Rights are restricted to only necessary services and qualified personnel.
●
Limited physical access.
The application servers are within locked cages and safeguarded by card-
key access.
●
High Availability.
All the functional components (data and services) have been deployed with full
redundancy and failover capability.
●
Database backups and archives.
All data is backed up and archived regularly and securely. The
backups include on-line short term disk-based backups for fast recovery as well as tape based
backups for longer term and disaster recovery purposes.
Network security measures include the following:
●
Enterprise firewalls.
High-end firewalls with strict policies to secure and maintain data and
applications.
●
Network address translation (NAT).
NAT ensures that internal IP addresses are hidden and not
routable from the outside.
●
Hardened Applications.
The PSP website has been hardened against malicious attack attempts
includes techniques like cross site scripting (XSS) attacks, and SQL/JavaScript injection attacks.
PSP Data Center Physical Security
The PSP Data Center is located inside a tier 1 telecommunications facility, secured as follows:
●
Solid construction.
The PSP Data Center can withstand high severity level natural or man-made
disasters.
●
Highly available and reliable network connectivity.
Redundancy at every level ensures high
availability of all the PSP application services.
●
Continuous manned security.
Professional security personnel are present 24x7.
●
Restricted access.
Use of key cards, keypad access, and biometrics, all under video surveillance,
ensures that access is restricted to the correct personnel.
●
Fire suppression.
Zoned smoke detection and a fire suppression system protect against fire damage.
