Security in TribalOS
TribalOS has been designed taking into account the security of the stored data in the system as well as controlling access to them.
Security in user accounts
Any user of the system requires a password to access. This password is encrypted on the server. Is not posible to recover the password for security reasons. If the user forgets it, the only option will generate a new password that will be sent to the e-mail you have registered.
Security in instances
Every TribalOS instance (subdomain) is completely independent of the others. Every instance has its own database with exclusive access. The databases are not accessible externally and is not installed any web interface management to avoid exposing the data to external access. Every instance files are isolated in folders that only its owner can access.
Security in the server
TribalOS is hosted on the following Amazon Web Services:
- Amazon EC2: distributed execution hardware.
- Amazon S3: file storage.
- Amazon EBS: virtual hard drive with the database of each instance
The election of Amazon as a provider of web services has been influenced by it's world leader in this type of system as well as the high security measures implemented. Below is an account of protocols that Amazon provides.
Security in Amazon web services
Certifications & Accreditations
- PCI DSS Level 1 (Payment Card Industry (PCI) Data Security Standard (DSS)) Regulation, which certifies the safety and capability necessary to store, process and transmit credit card data.
- ISO 27001 defines the rules and protocols for risk assessment as well as the most efficient way to react to security problems.
- SAS70 Type 2 The company has undergone independent safety audits successfully overcome.
Physic security
Amazon has many years of experience designing, building and maintaining data centers, high-capacity distributed around the world. Only people who need it know the real location of data centers, and they have various physical barriers to prevent unauthorized access.
Information privacy
The platform enables, through applications that build on it, that data is encrypted and provides easy backup and redundancy to give users more confidence. You can specify areas of "data availability", ie, determining the geographic location where the data will be stored. This is useful to comply with certain legal norms of the European Union, for example.
Information integrity
The stored data is replicated to multiple data centers located in different locations. Not only are copied in the creation of each file, but are achieved and periodically backup to overcome a possible hardware failure. In the case of a file on a hard disk is lost, the fault is detected, the invalid data are discarded and the system automatically retrieves the most recent full backup. These backups maintain the integrity of the files in the "availability zone" chosen, ie if the data is stored in the European area, replications will also be in that area but in different locations (Spain, France, Britain ...). This data is never transmitted in other areas such as America or Asia unless an authorized user.
Security in connections
Data centers are protected by firewalls (software or devices that create a barrier between a computer and Internet connection) detectors as a typical threats:
- DDoS (Denial of Service).
- IP Theft.
- Port scanning.
- Capture unauthorized data packets.
- Cancellation of call type Ping.
Firewalls act proactively on all connections made to servers quickly and reject the attempts of unauthorized access to the system as soon as they are detected.
Security in the accesses
Access to a TribalOS server through Internet is only allowed to certain authorized persons. Each of these people has a certificate and private key access totally required to connect and modify the machine configuration.