Security of Data


This FAQ page documents the security of the RushFiles software, in case customers have doubts about it.

1. Secure network
Every connection in RushFiles is made over secure SSL/TLS on port 443.

The RushFiles application uses only certificates digitally signed by a trusted certification authority.

These measures ensure that all data transmitted between server and client is encrypted, and they are effective against the attack known as a "man-in-the-middle" attack. A man-in-the-middle attack, MiTM attack for short, is an attack that obtains important information by impersonating you.

The customer is responsible for installing the certificate on the server that RushFiles runs on, but we recommend using at least a 2048-bit wildcard certificate digitally signed by a trusted certification authority.

 

2. Encrypting data on client devices

RushFiles runs on many devices and platforms.

On mobile devices, data is secured by using separate storage and by encrypting all data transmission with AES encryption.

On the PC platform, files are encrypted with the Microsoft encryption engine. This requires a Windows Pro version, but the RushFiles client software encrypts files automatically.

 

3. Encrypting and obfuscating data on the client server

All files are obfuscated using an advanced file format and renamed, so that someone cannot find your files on the server.

Files and the file structure are also secured in the database.

Because of the obfuscation, files are not stored with the same structure.

It is possible to use a company's own encryption key to encrypt all data uploaded to the company's server.

The algorithm we use is AES, the standard algorithm in this area, which is the most actively tested and one of the secure encryption standards.

We can use 128-, 192- or 256-bit encryption keys, but we only use 256-bit keys for file encryption, for our customers' security.

Performance is important because the server needs to access file data through random access.

To enable access to a part of a file without first decrypting the whole file, we use the mode of operation called "counter mode", which is described in NIST Special Publication 800-38A.

This mode of operation uses a counter that changes for each data block. Each change increments the counter.

This gives each block a unique counter. This completes the confidentiality of the encrypted data.
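As an added example (not RushFiles code), the Go program below shows why the counter mode described above allows random access: the counter block for any 16-byte block can be computed directly from the byte offset, so a range in the middle of a file is decrypted from its own ciphertext bytes alone. The key, counter block and sample data are constructed, and `counterAt` and `xorRange` are hypothetical helper names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// counterAt returns iv + blockIndex, with iv read as a 128-bit big-endian integer.
func counterAt(iv []byte, blockIndex uint64) []byte {
	ctr := append([]byte(nil), iv...)
	carry := blockIndex
	for i := len(ctr) - 1; i >= 0 && carry > 0; i-- {
		sum := uint64(ctr[i]) + (carry & 0xff)
		ctr[i] = byte(sum)
		carry = (carry >> 8) + (sum >> 8)
	}
	return ctr
}

// xorRange encrypts or decrypts data that sits at byte offset off of the file
// (CTR is symmetric), starting the keystream at the block that covers off.
func xorRange(key, iv, data []byte, off int) ([]byte, error) {
	if len(iv) != aes.BlockSize || off < 0 {
		return nil, errors.New("bad iv length or offset")
	}
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	stream := cipher.NewCTR(block, counterAt(iv, uint64(off/aes.BlockSize)))
	skip := off % aes.BlockSize
	buf := make([]byte, skip+len(data)) // pad so data lines up inside its block
	copy(buf[skip:], data)
	stream.XORKeyStream(buf, buf)
	return buf[skip:], nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed key, for illustration only
	iv := make([]byte, aes.BlockSize)     // constructed counter block; must be unique per file
	plain := bytes.Repeat([]byte("0123456789abcdef-constructed-sample-"), 64)
	ct, _ := xorRange(key, iv, plain, 0)
	// Read 20 bytes at offset 1000 using only those 20 ciphertext bytes.
	part, _ := xorRange(key, iv, ct[1000:1020], 1000)
	fmt.Printf("%q matches: %v\n", part, bytes.Equal(part, plain[1000:1020]))
}
```

Counter mode provides confidentiality only: the counter block must never repeat under the same key, and modified ciphertext is not detected unless a separate integrity check is added.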

※Warning

Enabling encryption is the same as prohibiting the provider from accessing your files.

If the company loses your password, restoring files is hard in this case.

 

4. Setting up high availability ("HA")

RushFiles's high extensibility enables us to build a High Availability (HA) environment.

If you are a platinum or diamond partner, HA is set up by installing a simple load balancer. All servers in the HA environment can access the same storage.

 

5. Login authentication

Passwords are salted, hashed repeatedly and then saved. The salt is 256 bits long and is generated by a cryptographically strong function.

The salt is added to the password before hashing, and the private key is not saved in the database.

Connections between client and server are made through the API, using a token generated by the domain administrator. The password and username are not used at all for connections to the API.

 

・Password security when using Active Directory Integration

When Active Directory (hereinafter "AD") is set up, passwords are saved only in AD and are subject to the rules applied in AD.

To apply the AD rules, RushFiles always authenticates the user's credentials through the Single Sign-On (SSO) directory.

 

・Password security when not using Active Directory Integration

If your organization does not use Active Directory Integration, to which standard password security rules are applied, you must make passwords strong.

For example:

-At least 8 characters

-Both lowercase and uppercase letters

-At least one number or special character

When an individual user changes their password, a one-time URL is sent to the e-mail address registered by the user.

You can change the password only through this link.
