Buzzy Server Administrators can access the Administration page of the Buzzy Server to perform management tasks. Administrators are identified by user id in the Buzzy settings file.
Transport Encryption (SSL/TLS)
Encryption is required to communicate securely over the internet. If your data isn't encrypted, anyone on the path can examine your packets and read confidential information. The steps required to establish a secure connection include:
- The client contacts the server and requests a secure connection.
- The server then provides its digital certificate, an electronic document issued by a third-party authority confirming the server’s identity.
- Using the server’s public key, the client and server establish a session key that both will use for the rest of the session to encrypt communication.
SSL certificates are at the heart of the SSL/TLS protocol. Certificates are issued by Certificate Authorities (CAs) and are mandatory for connections between the Buzzy server and its clients and for third-party integrations.
Encryption at Rest (DB/File system)
Encryption at rest provides data protection for stored data.
The Buzzy server utilizes MongoDB for storing structured data. More information on encrypting that data can be found in MongoDB Security.
Files attached to a Buzz are stored on an S3-compatible file system. With Amazon S3 default encryption, you can set the default encryption behavior for an S3 bucket so that all new objects are encrypted when they are stored in the bucket.
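As an added example (not Buzzy's own code), the check below audits the default-encryption configuration of a bucket offline, using the dict shape that boto3's get_bucket_encryption() returns; the sample configurations, the key ARN placeholder and the function name are assumptions.

```python
from typing import Any, Dict, List

# Constructed sample: the dict boto3's get_bucket_encryption() returns for a
# bucket whose default is SSE-KMS with a customer-managed key (ARN is a placeholder).
SAMPLE_KMS_CONFIG: Dict[str, Any] = {
    "ServerSideEncryptionConfiguration": {
        "Rules": [{
            "ApplyServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": "arn:aws:kms:REGION:ACCOUNT-ID:key/PLACEHOLDER-KEY-ID",
            },
            "BucketKeyEnabled": True,
        }]
    }
}

# Constructed sample: a bucket that still relies on SSE-S3 (AES256).
SAMPLE_SSE_S3_CONFIG: Dict[str, Any] = {
    "ServerSideEncryptionConfiguration": {
        "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]
    }
}


def audit_default_encryption(config: Dict[str, Any], require_kms: bool = False) -> List[str]:
    """Return findings for a bucket's default-encryption config; [] means it passes."""
    findings: List[str] = []
    rules = config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        # Without a rule, an object is only encrypted if the uploading client asks for it.
        return ["no default encryption rule configured"]
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        if algo not in ("AES256", "aws:kms"):
            findings.append(f"unrecognised or missing SSEAlgorithm: {algo!r}")
            continue
        if algo == "AES256" and require_kms:
            findings.append("SSE-S3 in use but policy requires a customer-managed KMS key")
        if algo == "aws:kms":
            if not default.get("KMSMasterKeyID"):
                findings.append("SSE-KMS without KMSMasterKeyID: falls back to the AWS-managed aws/s3 key")
            if not rule.get("BucketKeyEnabled", False):
                findings.append("BucketKeyEnabled is false: every object data key is fetched from KMS")
    return findings


if __name__ == "__main__":
    # To apply the hardened default, pass the inner dict as ServerSideEncryptionConfiguration= to put_bucket_encryption().
    for name, cfg in (("kms", SAMPLE_KMS_CONFIG), ("sse-s3", SAMPLE_SSE_S3_CONFIG)):
        print(name, audit_default_encryption(cfg, require_kms=True) or "OK")
```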
MongoDB includes an auditing capability which allows administrators and users to track system activity for deployments with multiple users and applications. This optional capability may be required for a compliance audit or security investigation.
Hardening your network, servers, applications, database, and operating systems is a great start to meeting industry-accepted configuration standards. Below are some suggestions for hardening your Buzzy platform:
- Network Hardening
  - Firewall configuration
  - Regular network auditing
  - Limit users and secure access points
  - Block unnecessary network ports
  - Disallow anonymous access
- Server Hardening
  - Administrative access and rights are allocated properly
- Application Hardening
  - Application access control
  - Implement password best practices
- Database Hardening
  - Implement admin restrictions on access
  - Encrypt data entering and leaving the database
  - Remove unused accounts
The MongoDB Security Checklist provides a good list of items to review your database security against.