Xenegrade utilizes a variety of tools to maintain the security of your data and to make sure you have access to your data on demand. The following is an overview of the security and reliability features of XenDirect.
XenDirect utilizes an internal security system at both the user level and the permission group level. These permissions are set by the licensee’s system administrator. Permissions are assigned for View, Add, Modify, and Delete at the menu and submenu component level. User permissions can be controlled per user or by permission group. An unlimited number of permission groups can be created, and a clone feature exists to duplicate and edit existing groups. User permission settings also control the days and times a user can access the system and can set a specific start and end date range. Permissions can also restrict access to student and course information based on a pre-selected list. Access to the system requires a user login, a user password, and a PIN. A User Log records every time a user logs into and out of the system and identifies when a user has not logged out of the system.
XenDirect servers are located in a private suite of a major data center. Entering the private suite area requires a coded RFID card and fingerprint verification (magnetic locks), and keys are required to access the suite. Security personnel are present in the building 24/7, and checkpoints are maintained by security guards. Access to the private suite area is monitored by the NOC (Network Operations Center). The NOC performs video and motion-sensitive surveillance of all access points and common areas 24/7, but not in the private suites.
Telco-grade fire suppression systems with pre-action dry pipes are located in all common areas. A monitoring system in the suite measures air temperature directly from the A/C vent as well as ambient room temperature. In the event of a power failure, power is switched automatically to an N+1 UPS system and then to MGE and PowerWare UPS units with diesel generators as soon as possible. The failover is automatic and tested regularly. Electrical connections and Liebert HVAC units have an N+1 configuration to maximize redundancy.
Firewall rules are in place to block or allow traffic as needed. The firewall strategy includes restricting ODBC data access to specific IP addresses. Certain sensitive data is encrypted using a proprietary encryption method, and data is transmitted through SSL sites. The firewall strategy is monitored regularly for suspicious activity.
The Web Registration module utilizes a secure certificate for all operations once a student is logged in.
Server Security / Reliability
OS patches, security updates, and security patches are reviewed and installed bi-weekly, and more often if an update or patch warrants a higher level of importance. Server configuration includes four redundant fixed disks per data and web server. Password security is proprietary information, except that server password aging includes a change at least every six months. Updates and patches that require server reboots are typically performed between 2:00 AM and 7:00 AM Eastern Time on a Sunday, or otherwise as needed. The default port of 1433 is not used for production databases.
Both the Web Registration and Admin Module applications incorporate code that looks for keywords passed via a URL. If one is found, the browser is redirected back to the root URL and an email is sent to the Xenegrade programming staff with the IP address and details of the attempted attack. Once an IP is recognized as a potential threat, it is added to a blocked list in the firewall and the application code to prevent any possible future attempts.
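The flow described above (keyword check on the URL, redirect to the root, alert to staff, blocked list) can be sketched as follows. This is an added example, not Xenegrade's code: the keyword list, the class and function names, the decoding step for nested percent-encoding, and the choice to block an IP on its first hit are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote_plus

# Constructed keyword list (assumption): the page does not publish the real one.
KEYWORDS = ("union select", "<script", "xp_cmdshell")

def normalize(raw, max_rounds=3):
    """Undo nested percent-encoding, lower-case, and collapse whitespace."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return " ".join(text.lower().split())

class UrlKeywordGuard:
    """Hypothetical guard: keyword hit -> alert + redirect to root + block IP."""

    def __init__(self, keywords, notify):
        self.keywords = tuple(k.lower() for k in keywords)
        self.notify = notify          # stands in for the e-mail to staff
        self.blocked = set()          # application-level blocked list

    def check(self, client_ip, url):
        """Return (action, location) for one request."""
        if client_ip in self.blocked:
            return ("block", None)
        parts = urlsplit(url)
        text = normalize(parts.path + "?" + parts.query)
        hit = next((k for k in self.keywords if k in text), None)
        if hit is None:
            return ("allow", None)
        self.notify({"ip": client_ip, "keyword": hit, "url": url})
        # Assumption: the IP is blocked on the first hit; the page does not
        # say how an IP comes to be "recognized as a potential threat".
        self.blocked.add(client_ip)
        return ("redirect", "/")

if __name__ == "__main__":
    alerts = []
    guard = UrlKeywordGuard(KEYWORDS, alerts.append)
    # Constructed requests; 203.0.113.0/24 is a documentation address range.
    for ip, url in [("203.0.113.7", "/register?course=101"),
                    ("203.0.113.9", "/register?id=1%2520UNION%2520SELECT%2520x"),
                    ("203.0.113.9", "/register?course=101")]:
        print(ip, url, guard.check(ip, url))
    print(alerts)
```

A filter of this kind works as a tripwire that produces alerts and block entries; it complements, and does not replace, parameterized queries and output encoding in the application itself.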