Ninja, Ninla, Bureaucrats, Administrators
497
edits
HOM/Security Measures: Difference between revisions
From Future Worlds Center Wiki
Jump to navigationJump to search
→Access to Hotline Investigations Office
No edit summary |
|||
| Line 9: | Line 9: | ||
*Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports. | *Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports. | ||
*Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports. | *Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports. | ||
== Computer == | |||
*Only staff authorized by the Hotline Operator can access computer for report processing | |||
*All external drivers (CD-ROM, floppy, etc) are disabled | |||
*Computer enclosure must be locked to prevent access to the computer from others | |||
*Computer hard drive is encrypted and password protected | |||
*Computer BIOS is password protected | |||
*Log in is password protected | |||
*Computer for report processing has a minimal configuration and only absolutely necessary software installed | |||
*Network access is limited with a firewall. | |||
== Web/Database Server == | |||
The database in which reports are stored is located physically on a separate server. The following measures guarantee the safety of this server and its data: | |||
<br> | |||
*The database Server is located within the secure space of the Hotline Operator’s office. | |||
*Only staff authorized by the Hotline Operator can access server for repairs, hardware upgrades, etc | |||
*If any other person needs to access the Hotline database server, s/he must be accompanied by the Hotline Operator, or by a person authorized by the Hotline Operator. | |||
*The Hotline’s database is backed up on a daily basis automatically. | |||
*The Hotline’s database backups are encrypted and stored at a location different from the Hotline Operator’s office secured by the management of the implementing organization. | |||
*All sensitive information stored on the Hotline server’s database is encrypted. | |||
*The server on which the Hotline’s database is hosted has a minimal configuration and only absolutely necessary software installed. | |||
*The Hotline Database includes the following records: Report ID (created automatically by the software); date and time of the reporting; text inserted by the person making the report in the subject line; type of content reported by the person that filed the report. | |||
*Every other record (traceroute, whois, etc.) is stored in database in form of encrypted files. | |||
*Screenshots are not recorded at all; instead a link to those is recorded. | |||
*Site mirror is provided for case of primary server failure. | |||
