HOM/Security Measures: Difference between revisions
From Future Worlds Center Wiki
No edit summary |
|||
Line 9: | Line 9: | ||
*Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports. | *Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports. | ||
*Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports. | *Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports. | ||
== Computer == | |||
*Only staff authorized by the Hotline Operator can access computer for report processing | |||
*All external drivers (CD-ROM, floppy, etc) are disabled | |||
*Computer enclosure must be locked to prevent access to the computer from others | |||
*Computer hard drive is encrypted and password protected | |||
*Computer BIOS is password protected | |||
*Log in is password protected | |||
*Computer for report processing has a minimal configuration and only absolutely necessary software installed | |||
*Network access is limited with a firewall. | |||
== Web/Database Server == | |||
The database in which reports are stored is located physically on a separate server. The following measures guarantee the safety of this server and its data: | |||
<br> | |||
*The database Server is located within the secure space of the Hotline Operator’s office. | |||
*Only staff authorized by the Hotline Operator can access server for repairs, hardware upgrades, etc | |||
*If any other person needs to access the Hotline database server, s/he must be accompanied by the Hotline Operator, or by a person authorized by the Hotline Operator. | |||
*The Hotline’s database is backed up on a daily basis automatically. | |||
*The Hotline’s database backups are encrypted and stored at a location different from the Hotline Operator’s office secured by the management of the implementing organization. | |||
*All sensitive information stored on the Hotline server’s database is encrypted. | |||
*The server on which the Hotline’s database is hosted has a minimal configuration and only absolutely necessary software installed. | |||
*The Hotline Database includes the following records: Report ID (created automatically by the software); date and time of the reporting; text inserted by the person making the report in the subject line; type of content reported by the person that filed the report. | |||
*Every other record (traceroute, whois, etc.) is stored in database in form of encrypted files. | |||
*Screenshots are not recorded at all; instead a link to those is recorded. | |||
*Site mirror is provided for case of primary server failure. |
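Review bot: The first bullet of the added Computer section repeats the access rule already stated just above it ("Only staff authorized by the Hotline Operator can access the computers, ..."), so one of the two can be dropped. In the same section, "All external drivers (CD-ROM, floppy, etc)" looks like a typo for "drives". In the Web/Database Server section, the backup bullet does not make clear whether "secured by the management of the implementing organization" describes the off-site location or the office; rewording that clause would settle it. The stray <br> after the introductory sentence can also go.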
Revision as of 03:31, 12 September 2011
SECURITY MEASURES
Access to Hotline Investigations Office
The following measures guarantee maximum security regarding access to the office spaces in which investigations and reporting are carried out.
- The office must be kept locked at all times.
- The Hotline Operator is in charge of keys to the office and keeps records of who has copies of such keys.
- Only staff authorized by the Hotline Operator can access the office in which reports are processed.
- Only staff authorized by the Hotline Operator can access the computers, which are used for investigation and processing of reports.
- Only staff authorized by the Hotline Operator can perform maintenance tasks on any computers used for investigation and processing reports.
Computer
- Only staff authorized by the Hotline Operator can access the computer used for report processing.
- All external drives (CD-ROM, floppy, etc.) are disabled.
- The computer enclosure must be locked to prevent others from accessing the computer.
- The computer's hard drive is encrypted and password protected.
- The computer's BIOS is password protected.
- Login is password protected.
- The computer used for report processing has a minimal configuration, with only absolutely necessary software installed.
- Network access is limited with a firewall.
Web/Database Server
The database in which reports are stored is located physically on a separate server. The following measures guarantee the safety of this server and its data:
- The database Server is located within the secure space of the Hotline Operator’s office.
- Only staff authorized by the Hotline Operator can access the server for repairs, hardware upgrades, etc.
- If any other person needs to access the Hotline database server, s/he must be accompanied by the Hotline Operator, or by a person authorized by the Hotline Operator.
- The Hotline’s database is backed up on a daily basis automatically.
- The Hotline’s database backups are encrypted and stored at a location different from the Hotline Operator’s office secured by the management of the implementing organization.
- All sensitive information stored on the Hotline server’s database is encrypted.
- The server on which the Hotline’s database is hosted has a minimal configuration and only absolutely necessary software installed.
- The Hotline Database includes the following records: Report ID (created automatically by the software); date and time of the reporting; text inserted by the person making the report in the subject line; type of content reported by the person that filed the report.
- Every other record (traceroute, whois, etc.) is stored in the database in the form of encrypted files.
- Screenshots are not recorded at all; instead a link to those is recorded.
- A site mirror is provided in case of primary server failure.