Security & Infrastructure
The security tools and the elements that make up the infrastructure of the platform
The eMIP platform makes constant and sustained efforts to secure access to your sensitive data. To this end, we have implemented several complementary security measures that together form a unified system:
1. Encrypted connection for communications between your terminals (laptop/desktop) and eMIP servers.
2. PBKDF2-type authentication system, highly competitive and resistant to many types of attacks.
3. Protection against "brute force" attacks, by detecting sequences of failed attempts and blocking the account for a period of time.
4. Two-factor authentication (2FA): an additional security code sent by email/SMS.
5. Continuous improvement of the infrastructure through Azure solutions for operation and storage, backup systems, and enterprise database management solutions, which allow the use of advanced security tools.
The eMIP web platform is developed on a strong infrastructure with adequate security measures to operate efficiently and protect its activity and information. The platform infrastructure includes competitive IT solutions and systems to provide quality services to our users. Platform security, on the other hand, refers to the measures taken to protect its information and resources from unauthorized access or external threats.
Implementing a strong infrastructure and adequate security measures is a constant goal of the eMIP team. Through the infrastructure developed and the security tools used, the eMIP platform can ensure business continuity and help prevent data theft or unauthorized access. Investments in these areas are essential to guarantee the success and protection of the platform.
1. TLS / SSL encrypted connection (client/server)
The eMIP platform uses the TLS / SSL secure communication protocols, which encrypt all the data transmitted between the client and the server. These protocols are commonly used to protect communications over the Internet, including online transactions, access to secure websites, and other activities that involve the transmission of sensitive data.
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are security protocols that provide encryption for communications between two systems, such as a browser and a web server. These protocols are used to protect sensitive data, such as credit card numbers or passwords, when transmitted over the Internet.
TLS and SSL are similar, but TLS is a newer and more secure version of the SSL protocols. TLS was developed as an improvement on SSL protocols and has replaced them in most cases. Both protocols work by encrypting data during its transmission over the Internet and verifying the authenticity of the server and client.
To use TLS or SSL, a connection is established between two systems and a shared encryption key is negotiated. This key is used to encrypt and decrypt data transmitted between systems. TLS and SSL also use digital certificates to verify the identity of the server and client and to ensure that data is transmitted only to the expected server.
2. eMIP uses a PBKDF2 authentication system
Authentication is ensured by the PBKDF2 (Password-Based Key Derivation Function 2) algorithm with 1000 iterations, a 128-bit salt and a 256-bit subkey. PBKDF2 is designed to be computationally expensive, making a brute-force attack unprofitable.
In addition to being computationally expensive, PBKDF2 is also resistant to various types of attacks such as dictionary attacks and pre-computation attacks. This makes it a very effective method for securely storing passwords and protecting against unauthorized access.
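An added example (not eMIP's code) of password hashing and verification with the parameters stated above: 1000 iterations, a 128-bit salt and a 256-bit subkey. The page does not name the underlying hash, so HMAC-SHA256 and the `$`-separated record format are assumptions.

```python
import hashlib
import hmac
import os

# Parameters stated on the page; the PRF is an assumption (the page names none).
ITERATIONS = 1000
SALT_BYTES = 16      # 128-bit salt
SUBKEY_BYTES = 32    # 256-bit subkey
PRF = "sha256"       # assumed


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: prf$iterations$salt_hex$subkey_hex."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    subkey = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt,
                                 iterations, dklen=SUBKEY_BYTES)
    return f"{PRF}${iterations}${salt.hex()}${subkey.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the subkey from the stored salt and count; compare in constant time."""
    try:
        prf, iterations, salt_hex, subkey_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(subkey_hex)
        candidate = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt,
                                        int(iterations), dklen=len(expected))
    except (ValueError, TypeError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target_iterations: int) -> bool:
    """True when a record was created with fewer iterations than the current target."""
    return int(record.split("$")[1]) < target_iterations
```

Storing the iteration count in each record lets the work factor be raised later without invalidating existing passwords; OWASP's password-storage guidance for PBKDF2-HMAC-SHA256 currently recommends 600,000 iterations.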
3. Protection against brute force attacks
Brute force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password. As password length increases, the time, on average, to find the correct password increases exponentially.
eMIP blocks the attacked user's account for a period of time upon detecting a set of failed access attempts. The account is unlocked automatically after a certain time interval (tens of minutes), after which detection resumes and further sets of failed attempts are blocked in the same way.
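The lockout behaviour described above, sketched as an added example that is not eMIP's implementation. The threshold of 5 failures and the 20-minute lock are hypothetical values, since the page gives no threshold and only "tens of minutes".

```python
from dataclasses import dataclass, field

# Hypothetical policy values: the page gives no threshold and only "tens of minutes".
MAX_FAILURES = 5
LOCK_SECONDS = 20 * 60


@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # user -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # user -> unlock timestamp

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Process one login attempt at time `now` (seconds); return the outcome."""
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                # Locked: refuse without evaluating the password, so guesses
                # made during the lock give the attacker no signal.
                return "locked"
            # Lock expired: unlock automatically and resume detection.
            del self.locked_until[user]
            self.failures[user] = 0
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            return "locked"
        return "failed"


def replay(events):
    """Run (user, password_ok, timestamp) events through a fresh tracker."""
    tracker = LockoutTracker()
    return [tracker.attempt(u, ok, t) for u, ok, t in events]


# Constructed sample: five bad guesses, a correct password during the lock,
# then a correct password after the lock has expired.
SAMPLE = [("ana", False, t) for t in range(5)] + [
    ("ana", True, 60), ("ana", True, 4 + LOCK_SECONDS)]
```

Note that a correct password submitted while the account is locked is still refused, which is what keeps the lock from leaking whether a guess was right.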
4. Two-factor authentication (2FA)
Two-factor authentication (2FA) is an authentication system that involves entering two forms of authentication information to access an account or system. The first form of authentication is usually a password, and the second form can be a verification code received via email / SMS, an authentication token generated by an application, or a physical authentication key.
2FA is an effective method of protecting access to accounts and systems because it involves the need to have access to both forms of authentication information to perform authentication. If an attacker manages to gain access to your password, they won't be able to access your account or system unless they also have access to the second form of authentication.
In general, 2FA is considered an efficient method of protecting access to accounts and systems, as it significantly increases the level of security. However, it's important to keep in mind that two-factor authentication methods can still be compromised, for example if an attacker manages to gain access to your phone or if you use an authentication app that isn't secure enough. That's why it's important to consider all security aspects when using two-factor authentication methods.
5. We continuously modernize and develop the infrastructure of the eMIP platform with state-of-the-art technologies
The infrastructure of the eMIP platform uses Windows Server 2022 Datacenter as an operating system, which offers support for applications and high-performance network services. This operating system offers enhanced security features, such as TLS (Transport Layer Security) over SSL (Secure Sockets Layer), to protect data transmitted over the network.
The eMIP platform uses Azure VM (Virtual Machine) backup to make daily backup copies of the virtual machines in the platform. This backup service ensures the protection of business continuity by making automatic backup copies of virtual machines, which can be restored in case of need.
The eMIP platform uses Microsoft SQL Server 2019 as a database to store and manage the information of the applications in the platform. This version of SQL Server is an Enterprise edition, with advanced functionalities:
- SQL Server Agent is a tool that allows administrators to automate database maintenance and monitoring activities.
- Machine Learning Server and R for building, training and evaluating machine learning models directly in a SQL Server database for scoring and prediction.
In conclusion, the infrastructure of the eMIP platform uses the latest technologies, such as Windows Server 2022 and SQL Server 2019, to offer high-quality performance and security to the applications in the platform. Additional tools, such as Azure VM backup and SQL Server Agent, ensure the protection of business continuity and the facilitation of database maintenance.