Idomoo's Personal Video as a Service implementation includes the following security layers and measures:

Network security

  1. All of Idomoo’s instances/servers are isolated in dedicated “security groups”, which limit inbound traffic by port according to each instance's role in the Platform.
  2. Inbound traffic to enabled ports is allowed only when it originates from a set of other, well-defined security groups.
  3. Sensitive components that require internal access only (access originating from internal components in the Platform) reside in a ‘private’ part of the VPC, which disallows all access from entities outside the VPC.
  4. Components that must communicate with entities outside the VPC limit that access to the required subset of ports and to designated IP addresses (Idomoo’s offices).
  5. In addition to the restrictions above, all communication to the VPC must pass through a secured VPN, pre-set and configured on both the client and the VPC itself.

Server hardening

  1. All instances are hardened to allow only PKI-based SSHv2 access. Password authentication is disallowed.
  2. Remote root login is disabled.
  3. SSHv2 key pairs are passphrase-protected.
  4. A dedicated SSHv2 key pair is generated for Idomoo platform VPC instances to guarantee uniqueness and limit usage to authorized personnel only.
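
One way to verify items 1 and 2 of the server hardening list on an OpenSSH host is to audit sshd_config, including Match blocks that could quietly re-enable a disabled setting. This is an added example, not Idomoo's own tooling; the OpenSSH 7.0+ defaults, the function names and both sample configurations are assumptions constructed for illustration.

```python
REQUIRED = {  # keyword -> value the hardening list calls for
    "passwordauthentication": "no",   # password authentication disallowed
    "pubkeyauthentication": "yes",    # key-based (PKI) access
    "permitrootlogin": "no",          # remote root login disabled
}
# Assumption: OpenSSH 7.0+ defaults, applied when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def parse(text):
    """Yield (scope, keyword, value); scope is 'global' or the Match line."""
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":
            scope = "match " + " ".join(parts[1:])
        elif len(parts) > 1:
            yield scope, key, parts[1].strip('"').lower()

def audit(text):
    """Return (scope, keyword, found, required) for every deviation."""
    effective = {}
    for scope, key, value in parse(text):
        if key in REQUIRED:
            effective.setdefault((scope, key), value)  # sshd keeps the first value
    findings = []
    for key, want in REQUIRED.items():
        got = effective.get(("global", key), DEFAULTS[key])
        if got != want:
            findings.append(("global", key, got, want))
    for (scope, key), got in effective.items():
        if scope != "global" and got != REQUIRED[key]:
            findings.append((scope, key, got, REQUIRED[key]))
    return findings

# Constructed sample configurations (not taken from any real host).
HARDENED = "PasswordAuthentication no\nPubkeyAuthentication yes\nPermitRootLogin no\n"
WEAK = """PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(cfg) or "ok")
```

The audit does not follow Include directives or check keyboard-interactive authentication, so a clean result covers only the keywords listed in REQUIRED.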