Security is of the utmost importance for Optigo Networks, which has adopted several best practices to ensure the security of customer data. These security practices are continuously reviewed and improved upon.
The following are the major highlights of the security practices for OptigoVN:
OptigoVN Cloud Hosting
- Information in this section is for OptigoVN hosted by Optigo Networks.
- OptigoVN is hosted on Amazon Web Services (AWS) EC2 instance(s) and all data resides in AWS S3 storage. Other than specific regional web proxy servers, all OptigoVN AWS EC2 instance(s) and S3 data centers are located in the United States of America.
- All network traffic to and from OptigoVN servers (e.g. app.optigovn.com) is encrypted using TLS with a certificate issued by ZeroSSL Certificate Authority (CA).
- All data is encrypted in-flight using secure HTTPS connections.
- Network ports that are open on AWS EC2 instance(s) to the Internet are:
  - 80 (HTTP) (redirect to 443) and 443 (HTTPS).
- Security is enforced on AWS using AWS IAM best practices.
- Access to AWS EC2 instance(s) is limited to select Optigo Networks staff, for deployment and provisioning via SSH, using AWS IAM roles that assign a different pre-shared key to each individual staff member.
- Access to AWS S3 storage is managed by secret keys.
OptigoVN Application
- OptigoVN does not require or process any Personally Identifiable Information (PII), except for information as part of the login process such as email address & host IP address.
- User authentication is password protected. Minimum password strength is enforced. Passwords must be at least 8 characters, have at least one upper case letter, one lower case letter, and one digit or special character.
- All passwords are stored using hashed and salted techniques.
- Accounts are automatically locked after 5 sequential unsuccessful login attempts.
- All user credit card information is securely managed and stored on the Stripe online payment service.
- All user activities (e.g. logins, uploads, downloads, views) are logged and reviewed regularly.
- All user (packet capture) files are stored in AWS S3 storage using anonymized filenames to remove any descriptive information (e.g. customer name, location name, date).
- All Optigo Networks' staff receive regular training on privacy and security (e.g. sensitivity of user data, best practices regarding passwords and user accounts).
Optigo Networks Capture Tools
- Optigo Networks free Capture Tools are available in several formats:
  - Software for Windows
  - Software for Linux: Ubuntu, CentOS & RedHat
  - Raspberry Pi based device (w/ DIN-rail mount)
- The software application versions (Windows & Linux) are installed and run on a PC or virtual machine.
- The hardware version uses a Raspberry Pi running Alpine Linux OS.
- All versions (hardware and software) do not call home or require Internet access except for the sole purpose of uploading collected PCAP files. Automatic capturing (e.g. recurring scheduled capture) is an optional feature.
- PCAP file uploads use an outbound only API with TLS 1.2 encrypted transmission.
- Data is stored in a pcap/pcapng format. Please click on this IETF link for further information on this format. Before automatically uploading to OptigoVN, capture files are temporarily stored in the following locations:
  - Windows: C:\Program Files (x86)\Optigo Capture Tool\data\pcap
  - Linux: /opt/OptigoCaptureTool/data/pcap
- The Capture Tool software application runs as a service on port 4000.
- The management and configuration of Optigo Networks’ Capture Tool is accessed through a web browser with self-signed SSL version 3, with authentication requiring a username and password. The user is encouraged through a prompt to update the password on every login if the default password has not been changed.
- Passwords must be at least 8 characters, have at least one upper case letter, one lower case letter, and one digit or special character.
- Users/organizations can replace the self-signed certificate.
- The Optigo Networks Capture Tool device (hardware) has only the following ports opened:
  - 80 (http)
  - 443 (https)
- The Capture Tools (both variants) only capture packets on standard BACnet ports (UDP 47808 to 47823) and user defined ports.
- Further information on the Optigo Networks Capture Tool software installation can be found here.
- Both the MS/TP and IP network physical capture tools' hardware has been security scanned.
Please direct any additional questions to info@optigo.net