In this article Dominique explains how to protect data against attacks or malware.



 

Convertigo software uses standard security models to protect data against attacks or malware. Convertigo’s security model has also been audited by dozens of large accounts, including banks.

Convertigo uses SSL encryption to protect data in transit from mobile devices to servers, and any sensitive data such as user credentials is encrypted before it is persisted. Convertigo relies on Java’s JSSE framework for security. JSSE can be configured to be FIPS-140 compliant.

As long as Convertigo is installed following the standard “good practice” rules for networking software, the software is protected by the standard security schemes.

As Convertigo does not store data itself but uses external databases or target applications to modify data, it is up to these systems to be protected against any data loss or corruption.

 

Standard Convertigo Installation for B2E

Although in B2E Convertigo is not facing the Internet, so security concerns are lower than in B2C, these actions have to be performed on Convertigo installations:

  • Protect the hosting machine’s root accounts
  • Do not install Convertigo under the root account
  • Open only the needed ports
  • Using SSLv3 is recommended
  • Change administration passwords after install
  • Disable the Axis Admin console
  • Restrict the admin password to authorized personnel
  • In project development, check that sensitive data such as user credentials are marked as “hidden” so they cannot be displayed in logs
  • Do not operate production servers in TRACE log mode; use DEBUG level at most.
  • Protect credentials for any SQL databases used by Convertigo projects.

 

Standard Convertigo Installation for B2C/B2B or Cloud

In this configuration, Convertigo is facing the Internet, so additional actions have to be added to the B2E security list:

  • Install Convertigo in a one- or two-firewall DMZ configuration.
  • Use web server front ends such as Apache2 reverse proxies or any other secured appliance to face the Internet. Do not have Convertigo directly facing the Internet.
  • Prevent access to the administration console (https:///admin) from the Internet by properly configuring the reverse proxy’s URL rewrite rules.
  • Prevent access to Convertigo services over non-SSL/TLS protocols
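
The last three items above, sketched as an Apache 2.4 reverse-proxy configuration. This is an added example, not Convertigo's own configuration. The host name, certificate paths, backend address 10.0.2.10:28080, the /convertigo context path (which puts the console at /convertigo/admin) and a servlet-container backend are assumptions to adapt.

```apache
# Added example. Assumes mod_ssl, mod_proxy, mod_proxy_http and mod_rewrite
# are loaded. All names, paths and addresses below are placeholders.

<VirtualHost *:80>
    ServerName convertigo.example.com
    # No Convertigo service over plain HTTP: refuse instead of redirecting,
    # so a client that sends credentials in clear text fails visibly.
    RewriteEngine On
    RewriteRule ^ - [F]
</VirtualHost>

<VirtualHost *:443>
    ServerName convertigo.example.com

    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/convertigo.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/convertigo.example.com.key

    # Reverse proxy only, never a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    RewriteEngine On
    # Servlet containers ignore ";param" parts of a path segment, so the
    # proxy and the backend could disagree on which path was requested.
    # Refuse such URLs before the admin rule is evaluated.
    RewriteRule ";" - [F]
    # Administration console is not reachable through the Internet-facing
    # proxy (assumed path: /convertigo/admin).
    RewriteRule ^/convertigo/admin(/|$) - [F,NC]

    # Only the Convertigo web application is forwarded to the DMZ backend.
    ProxyPass        /convertigo/ http://10.0.2.10:28080/convertigo/
    ProxyPassReverse /convertigo/ http://10.0.2.10:28080/convertigo/
</VirtualHost>
```

Administrators then reach the console from the internal network only, directly or through a separate internal front end.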

 
