4.6 Ops
02. Bastion Server

1. Bastion Server:
1. Each rack of servers includes at least one bastion server that runs FTP services for and on behalf of the other servers.   As far as possible, other servers are not connected directly to the Internet, so criminal attacks on them are not feasible.   To carry out occasional file maintenance work, the bastion server is maintained using FTP, and then normal online application services are used to copy files from the bastion server to the other servers.

2. Security:
1. FTP services are 256 RSA encrypted and locked down to communicate only with 4 defined development data centers.   FTP ignores any request from any other IP address; normal password protection is also deployed.
2. Encryption methods enable data files to be encrypted as JPG image files.   By transferring a JPG image to a bastion server over FTP, that data can be unloaded and used to update other servers with a very high degree of security.   To help hide data in a JPG file, a library of 20,000 JPG files is moved as a set, with the hidden data inside a small number of those JPG images.

3. File Maintenance:
1. To prevent rogue changes, three people must cooperate to access the FTP server and transfer files.   No one person is placed in a position to be responsible for production data center file updates.   As a policy, file maintenance will be eliminated in the next year and replaced with Eliza application services.   Security is increased by eliminating any activity that excludes Eliza from making the final decision on what to do.
2. Connection to the bastion server is restricted to HTTPS using TCP 443.   Connection from the bastion server to other servers is restricted to Remote Desktop Protocol (RDP) using TCP 3389.
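The two network rules above (section 2.1: the bastion accepts traffic only from the 4 defined development data centers; section 3.2: only TCP 443 into the bastion, only TCP 3389 from the bastion to the other servers) can be checked mechanically against flow or firewall logs. The following is an added example, not code from this page or from the business it describes: it encodes those rules as a policy and audits constructed log records against them. The bastion address, rack network, data center addresses and the `src=... dst=... proto=... dport=...` record format are all assumptions made for the example; the page names none of them.

```python
"""Audit flow records against the bastion policy (constructed example).

Rules modelled, taken from the page:
  * traffic into the bastion from outside the rack is accepted only on
    tcp/443 and only from the defined development data centers;
  * traffic from the bastion to other servers in the rack is accepted
    only on tcp/3389 (RDP);
  * other servers in the rack are not reachable from outside at all.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Iterable

# Placeholder addresses (RFC 1918 / RFC 5737 ranges); constructed for this
# example, the page does not publish any addresses.
BASTION = ip_address("10.0.0.10")
RACK = ip_network("10.0.0.0/24")
DEV_SITES = frozenset(ip_address(a) for a in (
    "192.0.2.10", "198.51.100.10", "203.0.113.10", "192.0.2.20"))

HTTPS_PORT = 443   # section 3.2: only HTTPS into the bastion
RDP_PORT = 3389    # section 3.2: only RDP from the bastion to other servers


@dataclass(frozen=True)
class Flow:
    src: IPv4Address
    dst: IPv4Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record, e.g.
    'src=192.0.2.10 dst=10.0.0.10 proto=tcp dport=443'."""
    fields = dict(token.split("=", 1) for token in line.split())
    return Flow(ip_address(fields["src"]), ip_address(fields["dst"]),
                fields["proto"].lower(), int(fields["dport"]))


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return ('allow' | 'deny', reason) for one flow under the policy."""
    inbound_to_bastion = flow.dst == BASTION and flow.src not in RACK
    bastion_to_rack = flow.src == BASTION and flow.dst in RACK
    if inbound_to_bastion:
        if flow.src not in DEV_SITES:
            return "deny", "source is not a defined development data center"
        if (flow.proto, flow.dport) != ("tcp", HTTPS_PORT):
            return "deny", f"only tcp/{HTTPS_PORT} is accepted into the bastion"
        return "allow", "HTTPS from a defined development data center"
    if bastion_to_rack:
        if (flow.proto, flow.dport) != ("tcp", RDP_PORT):
            return "deny", f"only tcp/{RDP_PORT} is accepted from the bastion"
        return "allow", "RDP from the bastion to a rack server"
    if flow.dst in RACK and flow.src not in RACK:
        return "deny", "rack servers are reachable only through the bastion"
    return "deny", "flow not covered by the bastion policy"


def audit(lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Evaluate every non-blank record; returns (line, verdict, reason)."""
    return [(line, *evaluate(parse_flow(line)))
            for line in lines if line.strip()]


# Constructed sample records: two that the policy permits, four it rejects.
SAMPLE_LOG = """\
src=192.0.2.10 dst=10.0.0.10 proto=tcp dport=443
src=192.0.2.10 dst=10.0.0.10 proto=tcp dport=22
src=198.51.100.99 dst=10.0.0.10 proto=tcp dport=443
src=10.0.0.10 dst=10.0.0.20 proto=tcp dport=3389
src=10.0.0.10 dst=10.0.0.20 proto=tcp dport=22
src=203.0.113.10 dst=10.0.0.20 proto=tcp dport=3389
"""

if __name__ == "__main__":
    for line, verdict, reason in audit(SAMPLE_LOG.splitlines()):
        print(f"{verdict:5} {line:55} {reason}")
```

Run as a script it prints one verdict per record; any `deny` line in a log that should contain only policy-conformant traffic is a flow that either bypassed the bastion or used a port the policy does not permit, which is exactly what a periodic review of the rack's firewall logs should surface.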

4. Duty of Care:
1. The business has a duty of care to its people and their families not to put them in harm's way from threats by criminals and from legal orders to copy business data.   Legal notices have been served that not only demanded a copy of certain data but also prevented the person from notifying any other person that the legal notice had been served.   Criminal gangs have threatened harm to the family of certain IT people unless they copy certain business data.
2. Each person is protected from legal notices and criminal threats by ensuring they cannot access any business data.   Not only are they prevented from accessing any business data, but that fact is published for the adversaries to read.

5. Legal Notice:
1. To protect staff from being served with a legal notice to copy business data, no single person has the ability to copy any business data.   At least three people must cooperate to sign in to any server, and those three people do not have access to any encryption keys.   Any legal notice to copy business data cannot be responded to because the people who can access any server can only see meaningless encrypted data with no idea what that data is.   A legal notice demanding a copy of certain customer data and demanding silence about the notice cannot be actioned because the people who can access any server have no idea what data is on that server - all data is encrypted.
2. A legal notice that identifies any specific data to be copied will never be actioned because the legal authority cannot know if that data is stored on any specific server.   A legal notice demanding that all data is copied can be actioned with the certainty that all that data is encrypted and meaningless.   If it is hard to find a needle in a haystack, it is even harder to find a specific needle in a mountain of needles.

6. System Administrator:
1. In the good old days, the business had system administrators who could access any server by back doors and physical access.   Agencies focused on businesses with system administrators because it was clear that back doors would exist for criminal access.
2. Many years ago, as a strict policy, all system administration work was automated and system administrators eliminated.   By providing perfectly normal application services to approved people, what was once done in an ad-hoc way by system administrators has been eliminated.   One key to making this work was the deployment of bastion servers that act as a bridge between development and production servers.

7. Eliza:
1. Eliza has replaced all system administrators as anything that a system administrator could do, Eliza can do.   Eliza has the benefit of not being the subject of legal notices or criminal threats - it is not practical for a criminal to attack Eliza.   It took many years to teach Eliza to do all system administration duties, but the rewards are considerable.
2. Every data breach must be reported by a company to the Information Commissioner's Office, but with Eliza encrypting everything, a data breach is not possible.   Cyber security insurance is much cheaper and the procedures to handle a data breach are not needed.   Many new customers elected to work with us on the back of this single factor that is critical to the reputation of their business.   After a company has suffered a loss of millions of customer records, it is highly motivated to never let it happen again.