The Idomoo personal video as a service implementation includes the following security layers and measures:
Network security
- All of Idomoo’s instances/servers are isolated in dedicated “security groups”, limiting inbound traffic by port according to their role in the Platform.
- Inbound traffic to enabled ports may originate only from a set of other, well-defined security groups.
- Sensitive components in the Platform that require internal access only (access originating from internal components in the Platform) reside in a “Private” part of the VPC, which disallows all access from entities outside of the VPC.
- Components in the Platform that require entities outside of the VPC to communicate with them limit such access to the required subset of ports from designated IP addresses (Idomoo’s offices).
- On top of the restrictions specified in the previous section, all communication with the VPC can only be done through a secured VPN, pre-set and configured on both the client and the VPC itself.
Server hardening
- All instances are hardened to allow only PKI-based SSHv2 access. Password authentication is disallowed.
- Remote root login is disabled.
- SSHv2 key-pairs are passphrase protected.
- A dedicated SSHv2 key-pair is generated for Idomoo platform VPC instances to guarantee uniqueness and limit usage to authorized personnel only.
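The server-side items in this list can be checked against an sshd_config file. The script below is an added example, not Idomoo's own tooling: it assumes OpenSSH and its stock defaults for absent keywords, the name audit_sshd_config is hypothetical, and the sample configuration is constructed.

```python
# Added example: audit sshd_config text against the hardening items listed above.
# sshd keywords are case-insensitive and the first value seen for a keyword wins.
# keyword: (required value, assumed stock OpenSSH default when the keyword is absent)
POLICY = {
    "passwordauthentication": ("no", "yes"),            # passwords disallowed
    "permitrootlogin": ("no", "prohibit-password"),     # remote root login disabled
    "pubkeyauthentication": ("yes", "yes"),             # key-based (PKI) access
}

def audit_sshd_config(text):
    """Return a sorted list of findings; an empty list means compliant."""
    seen, findings, match = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            match = value                        # later keywords apply to this block only
        elif key == "protocol" and value != "2":
            findings.append(f"protocol={value}: SSHv1 must not be offered")
        elif key in POLICY:
            if match is None:
                seen.setdefault(key, value)      # first occurrence wins
            elif value != POLICY[key][0]:        # Match blocks override the global value
                findings.append(f"match [{match}] sets {key}={value}")
    for key, (want, default) in POLICY.items():
        got = seen.get(key, default)
        if got != want:
            findings.append(f"{key}={got}, expected {want}")
    return sorted(findings)

# Constructed sample input, not taken from any real host.
SAMPLE = """\
Protocol 2
PermitRootLogin no
PermitRootLogin yes        # ignored: the first value wins
PubkeyAuthentication yes
# PasswordAuthentication no   (commented out, so the default applies)
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE):
        print(finding)
```

Include directives are not followed here; on a live host, `sshd -T` prints the effective configuration. Key-pair passphrase protection is a property of the client-side private key and cannot be verified from the server configuration.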