2H Systems’ servers reside in Arizona in a state-of-the-art data center. Biometric controls restrict physical access to data center staff. Firewalls and subnets dedicated specifically to 2H Systems’ servers further insulate 2H Systems data from harm. RAID-compliant hardware provides fault tolerance, and offsite nightly backups deliver another layer of redundancy.
Three-token Handshakes
Security occurs on multiple levels. Technology, the database(s), audits, and the application itself are all focal points for security. Within the authentication process, a specific, non-published URL points at an authentication server over SSL. This verifies that the requestor is coming from an authorized location and creates a one-time key, which is inserted into a common exterior database. An encrypted ID is passed on to an unpublished set of web application servers running on obscure ports. They in turn query the database to verify that the person entering has the same key ID and IP address as the one that was entered into the shared database outside the DMZ. Any attempt to access the server without authentication, or apart from the web application, drops the session and documents the attempt. The web application servers run behind another firewall that allows database, file, and operating system management only through a VPN from two unique source IPs using secure, encrypted transmissions. Everything else is rejected.
Login Requirements
The Login Screen uses several methods to secure access. Login passwords are required to meet a set of password standards. Failed attempts past a set limit cause a complete loss of the session. RC4-level encryption, of the kind typically used in the SSL handshake protocol, ensures that both the user name and password are encrypted on their way to the server. Once a user is authenticated, only the tools permitted by the staff member's assigned authorization level are made visible. Additionally, 386-bit encryption of general code further secures the source code in certain key parts of the system.
Encryption
A unique 1024-bit security key (utilizing the RC4 protocol) is generated for the client upon each secure screen display, so each key becomes obsolete immediately after use. The encryption key encrypts the unique ID of the encryption cipher, which exists only in the database. Encryption is targeted; not all data passed to or from the server is encrypted. Colors and basic HTML are not encrypted; sensitive content is.
Database Security and User Security Assignments
The database itself excludes all ports except for that of the local servers, and has multiple user rights. Power users have no direct access to the enterprise database and have limited access to data. All content is managed through the framework GUI.
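A minimal model of the login gate and three-token handshake described in the Login Requirements and Three-token Handshakes sections above, added here as an example; it is not 2H Systems' own code. It assumes a limit of three failed attempts, a sixty-second key lifetime and a password standard of twelve mixed characters (the page states that these exist but not their values), represents the common exterior database with an in-memory dictionary, and uses constructed user and IP values; all class and function names are illustrative.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3       # assumed limit: the page states a limit but not its value
KEY_TTL_SECONDS = 60   # assumed lifetime: the page says one-time use, not how long a key lives


def password_meets_standards(pw: str) -> bool:
    """Assumed password standard: at least 12 chars with lower, upper, digit and symbol."""
    return (len(pw) >= 12
            and any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw))


def make_user_record(pw: str) -> tuple:
    """Salted PBKDF2 hash for the constructed user table (plaintext is never stored)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


@dataclass
class SharedDB:
    """Stands in for the common exterior database that both server tiers consult."""
    keys: dict = field(default_factory=dict)   # key_id -> (source_ip, expires_at, user)
    audit: list = field(default_factory=list)  # every attempt: IP, user, time, outcome

    def log(self, event: str, user: str, ip: str, now: float) -> None:
        self.audit.append({"event": event, "user": user, "ip": ip, "ts": now})


class AuthServer:
    """Non-published login endpoint: checks source, attempt limit and credentials, issues a one-time key."""

    def __init__(self, db: SharedDB, allowed_sources: set, users: dict):
        self.db, self.allowed_sources, self.users = db, allowed_sources, users
        self.failures = {}    # session_id -> failed attempts so far
        self.dropped = set()  # sessions lost after exceeding MAX_ATTEMPTS

    def _credentials_ok(self, user: str, pw: str) -> bool:
        if not password_meets_standards(pw) or user not in self.users:
            return False
        salt, stored = self.users[user]
        candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, stored)

    def login(self, session_id: str, user: str, pw: str, ip: str, now: float):
        if ip not in self.allowed_sources:              # requestor is not an authorized location
            self.db.log("unauthorized_source", user, ip, now)
            return None
        if session_id in self.dropped:                  # session already lost to the attempt limit
            self.db.log("dropped_session", user, ip, now)
            return None
        if not self._credentials_ok(user, pw):
            self.failures[session_id] = self.failures.get(session_id, 0) + 1
            if self.failures[session_id] >= MAX_ATTEMPTS:
                self.dropped.add(session_id)            # complete loss of the session
            self.db.log("bad_credentials", user, ip, now)
            return None
        key_id = secrets.token_hex(16)                  # one-time key bound to the requester's IP
        self.db.keys[key_id] = (ip, now + KEY_TTL_SECONDS, user)
        self.db.log("key_issued", user, ip, now)
        return key_id


class AppServer:
    """A web application server: admits a request only if key ID and IP match the shared record."""

    def __init__(self, db: SharedDB):
        self.db = db

    def verify(self, key_id: str, ip: str, now: float) -> bool:
        record = self.db.keys.pop(key_id, None)         # pop: the key is consumed whatever the outcome
        if record is None:
            self.db.log("unknown_key", "?", ip, now)
            return False
        bound_ip, expires_at, user = record
        if ip != bound_ip or now > expires_at:          # wrong origin or stale key: drop and document
            self.db.log("key_rejected", user, ip, now)
            return False
        self.db.log("key_accepted", user, ip, now)
        return True


# Constructed sample user table and a short walk-through of the flow.
USERS = {"alice": make_user_record("Correct-Horse-Battery-9!")}

if __name__ == "__main__":
    db = SharedDB()
    auth, app = AuthServer(db, {"203.0.113.10"}, USERS), AppServer(db)
    key = auth.login("sess-1", "alice", "Correct-Horse-Battery-9!", "203.0.113.10", now=1000)
    print("app admits matching IP:", app.verify(key, "203.0.113.10", now=1001))
    print("replay of the same key:", app.verify(key, "203.0.113.10", now=1002))
    for entry in db.audit:
        print(entry)
```

The key record is popped on every verification, so a key presented from the wrong address or after expiry is not merely refused but gone, and a replay of an accepted key is logged as an unknown key; both outcomes land in the same audit list as the login attempts. Transport protection between the tiers (the SSL and encrypted-ID steps on the page) is outside this model.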
Transaction Auditing
Every entry into the system is audited: IP address, user name, date and time are recorded for every login attempt. Audit files exist per entity and globally across all entities. Within the applications, actions performed by users are audited as well.