Security

The OpenSource product line complies with the highest security standards, including access control and password protection, SSL encryption and authentication, redundant data storage and backup.

Communication

SSL 256 Bit Encryption Protocol Certified By Thawte
Secure Sockets Layer (SSL) with 256-bit encryption is the standard protocol for secure Internet communications. It provides end-to-end encryption of client-server communication over the Internet.
All data transmitted and received by OpenSourceCM, including passwords and documents, is SSL 256-bit encrypted (high-grade AES-256 encryption). OpenSource uses an SSL certificate issued by Thawte, a leading global provider of digital certificate solutions.

Access

Password Protection (HTTP Authentication and Cookies)

Every OpenSourceCM user is required to have a unique user name and password. Standard HTTP authentication and cookies stored on the user’s computer and in our database are used throughout the system to verify the identity and privileges of each user. These unique identifiers are always sent over 256-bit SSL encryption.

Triple-DES Encrypted Passwords In Database
Passwords in the OpenSourceCM system are stored in Triple-DES encrypted format. Triple-DES is a strong encryption algorithm that prevents unauthorized access to user accounts by encrypting passwords in the database.

Intrusion Detection System (IDS)
OpenSource uses an intrusion detection system that monitors various areas within the OpenSourceCM servers and network, and analyzes the information to identify possible security breaches, including intrusion attempts from outside the network and misuse from within the network. OpenSource performs regular vulnerability assessments to evaluate the security of the server and the network.

Firewall
OpenSourceCM is protected by a firewall that reduces the risk of intrusion by allowing minimal access to the OpenSourceCM server. It denies direct access to services that are not necessary for the operation of the client application. Upon customer request, OpenSource can configure additional firewall policies to further restrict access to dedicated customer servers.

Single Point Of Entry
In order to ensure that security policies are always upheld, all data access is directed through an application-enforced single point of entry, where all application operations are authenticated. While the firewall assures that there is no direct access to any network service other than the application (e.g. the database or file system), the application itself prevents malicious users from bypassing authentication mechanisms.

Access Control Lists
The application maintains manageable access control lists (ACLs) for all data in the system, enabling users to safely collaborate within the system. The ACLs may be reviewed and modified by the customer’s administrator.
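The pattern described in the Password Protection, Single Point Of Entry and Access Control Lists sections above, as an added example that is not OpenSourceCM's own code: one dispatcher through which every operation passes, which first validates the HTTP Basic credentials, then consults a per-document ACL, and only then touches the data. The user store, ACL table, document contents and the `Request`/`Response` types are constructed for the demo; the credential format (salted SHA-256 digests) is an assumption made for this example and is not the storage scheme the page describes.

```python
"""Single point of entry with HTTP Basic authentication and per-document ACLs.
Added example; the users, ACLs and documents below are constructed sample data."""
import base64
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional


def _digest(salt: bytes, password: str) -> bytes:
    """Salted SHA-256 of a password (assumed credential format for this demo)."""
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed user store: name -> (salt, digest).
_SALT_ALICE = b"alice-salt"
_SALT_BOB = b"bob-salt"
USERS = {
    "alice": (_SALT_ALICE, _digest(_SALT_ALICE, "correct horse")),
    "bob": (_SALT_BOB, _digest(_SALT_BOB, "battery staple")),
}

# Constructed ACLs: document id -> {user: permitted operations}. Absence means deny.
ACLS = {
    "contract-42": {"alice": {"read", "write"}, "bob": {"read"}},
    "contract-99": {"alice": {"read"}},
}

# Constructed document contents the entry point guards.
DOCUMENTS = {"contract-42": "Master services agreement", "contract-99": "NDA"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: operation, target document, headers, body."""
    op: str
    doc_id: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Response:
    status: int
    body: str = ""


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Validate an HTTP Basic Authorization header; return the username or None.

    hmac.compare_digest is used so a wrong password does not leak, through timing,
    how many bytes of the digest matched.
    """
    header = headers.get("Authorization", "")
    if not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[len("Basic "):], validate=True).decode()
        user, _, password = decoded.partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 payload
        return None
    record = USERS.get(user)
    if record is None:
        # Do a comparison anyway so unknown users cost about the same as known ones.
        hmac.compare_digest(_digest(b"x", password), _digest(b"x", ""))
        return None
    salt, stored = record
    return user if hmac.compare_digest(_digest(salt, password), stored) else None


def authorize(user: str, op: str, doc_id: str) -> bool:
    """Consult the document's ACL; anything not explicitly granted is denied."""
    return op in ACLS.get(doc_id, {}).get(user, set())


def handle(request: Request) -> Response:
    """The single point of entry: authentication, then ACL check, then data access."""
    user = authenticate(request.headers)
    if user is None:
        return Response(401, "authentication required")
    # Existence is checked only after authentication so anonymous callers
    # cannot enumerate document ids.
    if request.doc_id not in DOCUMENTS:
        return Response(404, "no such document")
    if not authorize(user, request.op, request.doc_id):
        return Response(403, "forbidden")
    if request.op == "read":
        return Response(200, DOCUMENTS[request.doc_id])
    if request.op == "write":
        DOCUMENTS[request.doc_id] = request.body
        return Response(204)
    return Response(400, "unsupported operation")


def basic_auth(user: str, password: str) -> Dict[str, str]:
    """Build the Authorization header a client would send (demo helper)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


if __name__ == "__main__":
    print(handle(Request("read", "contract-42", basic_auth("bob", "battery staple"))))
    print(handle(Request("write", "contract-42", basic_auth("bob", "battery staple"), "x")))
    print(handle(Request("read", "contract-42", {})))
```

Because `handle` is the only path to `DOCUMENTS`, a caller who is unauthenticated gets 401 and one who is authenticated but not on the document's ACL gets 403, regardless of which operation was requested; the ACL table is the one place an administrator edits to change who may do what.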

Operating System

Unix Operating System
OpenSource uses Red Hat Enterprise Linux (RHEL), a UNIX-like system that lends itself well to standard security hardening practices. In recent years, Linux and other UNIX-based systems have had significantly fewer critical security problems than Windows-based systems. RHEL has won many security and other certifications. See http://www.redhat.com/software/rhel/3features/

Unix System Lockdown
OpenSource manages OpenSourceCM server security in accordance with the security practices checklists published by the Computer Emergency Response Team (CERT) organization. Standard OpenSource practices include:

Physical

Secure Server Hosting
OpenSource offers a number of secure server-hosting alternatives, including hosting at the 365 Main secure co-location facility in San Francisco (see http://www.365main.net) and at the customer’s own secure server area.

Administrative Access
OpenSource personnel perform maintenance of dedicated customer servers only upon obtaining permission from the customer to access the system. All other administrative access is prevented using the above-described means.