CLOUD PLATFORM:
The content management system (CMS) is hosted on an OMC Kamatera server (https://www.kamatera.com).
Connections are protected with SSL encryption, and the hosting is covered by ISO 27001, SOC 2 Type II and
ISO 27017 security certifications. A Snyk vulnerability scan is performed monthly, and the server's operating
system (OS) is updated and patched monthly by OMC Kamatera.
The cloud storage is OMC Kamatera EBS Provisioned IOPS (SSD) storage, which protects all saved data and
keeps a continuous backup on the server. The CMS server runs on the OMC Kamatera platform, which operates
from globally distributed data centers using current technology, so servers remain stable and available at all
times under virtually any conditions. Every component has at least N+1 redundancy: a parallel backup device
is brought into service automatically if a component fails. Any hardware failure in a power supply unit, solid
state drive, power phase, UPS, memory or CPU therefore switches automatically to an alternative device,
without any configuration on our part. Resilience of the main power supply is maintained in the same way with
backup generators. In addition, a complete image of the whole system is generated daily, so the CMS server
can be restored in just a few minutes at any time.
The server also features Dynatrace infrastructure monitoring, which tracks the status of the server in real time
and sends updates to the engineers every minute. Computing capacity is scalable, allowing us to expand the
server to meet higher data-transfer demands when required.
The network administrators for the CMS are fully trained engineers with a minimum of 4 years' experience in
our operations. Our own development team also helps maintain the server and its processes. Administrative
access is restricted to a fixed, allow-listed IP address, so only our engineers can maintain and manage the
server, and only through a secure port.
SECURITY:
Cloud data passes through HashiCorp's HCP Vault (https://www.hashicorp.com/products/vault) before it is
transferred to the screen/player. HCP Vault is a managed service that lets us create and control the keys used
for cryptographic operations. It provides highly available key generation, storage, management and auditing,
which we use to encrypt data within the CMS. Security-relevant events are logged and analysed by HCP Vault
in real time. HCP Vault monitors all system resources and protects the confidentiality and integrity of data.
HashiCorp's HCP Vault Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) offer key
features to help protect EC2 instances. Any breaches are logged and analysed by the IDS, which monitors
inbound and outbound data as well as system resources. Any attempted intrusions are also logged by the IPS.
Engineers are on standby 24/7 to respond to vulnerability alerts. All security events are logged and reported,
and any suspicious attempts are reported immediately by HCP Vault. The engineers and developers also
receive IT server maintenance and server training, which is provided quarterly.
Multiple security hardening procedures are in place, such as trimming and restricting remote services on the
OMC Kamatera server and minimising the services the server runs. The CMS is the only application the server
hosts, so no other processes run on it. The server also uses an encrypted security key and secured packages
when sending and receiving information. Each screen/player connected to the CMS has its own unique
security identifier. A watchdog on the screen/player itself reacts to unwanted data or activity and begins
restoring its configuration from the server once an abnormality is detected. Finally, two separate firewalls sit
in front of all data going in and out of the server.
To keep accounts secure, Reddie Portal has a CAPTCHA system in place to protect against spam and
automated password-guessing attempts. When logging into an account, the user must complete a simple test,
typing the exact numbers shown into a field, which differentiates between human and automated access.
PORTS PROTOCOL:
The CMS server connects to the screen/player over HTTPS. HTTPS encrypts the data in transit, preventing it
from being intercepted by others. The CMS server transfers files as a series of packets and requires the
screen/player to return an acknowledgement to the server each time it receives a part, before the next part is
sent.
Port 80 (or 8088) over HTTP is used to download media and configuration files from the server. Port 4700
over UDP is used to send remote commands from the server to the screen/player. Port 4701 over TCP is used
for the screen/player to log in to the server and to register heartbeats for monitoring. Finally, ports 16732 and
16733 over UDP are used for local synchronisation of content across multiple screens/players.