The FME Cloud Security Whitepaper provides an overview of how we secure our FME Cloud infrastructure. The questions below are common questions that come up beyond those covered in the whitepaper.
The whitepaper lists the cloud compliance that AWS provides, but does Safe have any security compliance, and if so to what standards?
Safe Software is not yet certified. We are moving towards SOC accreditation, but we are not there yet as it is a comprehensive process.
Are your staff vetted, and if so to what standard, and how is this applied to the small team that performs updates?
We don't run police checks on our staff but we do check references and have a thorough recruiting process. Only a small team actually has access to the FME Cloud code. This team must follow our internal security guidelines, which include using two-step authentication to access any services we use, encrypting the hard drives of machines that hold copies of the code, and so on. No one person is trusted with access to the infrastructure. If there is a key piece of infrastructure, then it is monitored and everyone is alerted when someone accesses it.
Will your staff in Canada be looking at customer data (if so, that is considered a data export for some customers residing in other countries), or do they just operate on the infrastructure/software?
No, they will not, not without the customer's permission. We have no access to the FME Server instance via the Web UI and REST API; our only potential access is via SSL, which is monitored, and you will receive an email if we open that port. When working a support issue, we do our best to respect your privacy; we only access the minimum files and settings needed to resolve your issue.
What logs are made / emails are sent when staff access instances – can you provide some examples?
The instance can only be accessed by our staff via SSH, and we never do so uninvited. We do not have the password for your FME Server login. As soon as you download the passwords for the instance we delete them from our infrastructure. We also monitor the system logs on the instance; if anyone (including ourselves) tries to access the instance via SSH, the account owner will receive an email warning them that someone has accessed their instance via SSH. You will also see an entry on the activity log for that instance on the dashboard. The email goes like this:
Hello XXXXX,
As part of our security checks, we would like to inform you that a user has logged on to your instance via SSH. If the FME Cloud support team did not ask for your permission, or if you would like more details, please contact our support team.
Phone: +1 604-501-9985 X.278
Email: support@fmecloud.com
Note any unauthorized access to instances is also closely monitored by ourselves.
Sincerely,
The FME Cloud Team
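The SSH login monitoring described above could be implemented along these lines. This is an added example, not FME Cloud's own code; the log lines are constructed, and the function names, sender address and recipient address are assumptions.

```python
import re
from email.message import EmailMessage

# Constructed sample of OpenSSH sshd lines in syslog format (not real data).
SAMPLE_AUTH_LOG = """\
Mar 10 14:02:11 fme-instance sshd[2211]: Accepted publickey for ubuntu from 203.0.113.7 port 51514 ssh2: RSA SHA256:constructed
Mar 10 14:05:40 fme-instance sshd[2290]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Mar 10 14:05:43 fme-instance sshd[2290]: Failed password for root from 198.51.100.23 port 40022 ssh2
Mar 10 14:09:02 fme-instance CRON[2301]: pam_unix(cron:session): session opened for user root
Mar 10 15:30:19 fme-instance sshd[2412]: Accepted password for ubuntu from 192.0.2.44 port 60100 ssh2
"""

SSHD_EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

def parse_ssh_events(log_text):
    """Return one dict per sshd login attempt; other log lines are skipped."""
    return [m.groupdict() for m in map(SSHD_EVENT.match, log_text.splitlines()) if m]

def build_owner_alert(event, owner_email):
    """Build the account-owner notification for one successful SSH login."""
    msg = EmailMessage()
    msg["To"] = owner_email
    msg["From"] = "alerts@example.invalid"  # placeholder sender (assumption)
    msg["Subject"] = f"SSH login on {event['host']}"
    msg.set_content(
        "A user has logged on to your instance via SSH.\n"
        f"Time: {event['ts']}\nUser: {event['user']}\n"
        f"Source: {event['src']} ({event['method']})\n"
    )
    return msg

def alerts_for_log(log_text, owner_email):
    """Alert on every successful login, whoever made it; also return failed attempts."""
    events = parse_ssh_events(log_text)
    accepted = [e for e in events if e["result"] == "Accepted"]
    failed = [e for e in events if e["result"] == "Failed"]
    return [build_owner_alert(e, owner_email) for e in accepted], failed

if __name__ == "__main__":
    alerts, failed = alerts_for_log(SAMPLE_AUTH_LOG, "owner@example.invalid")
    for alert in alerts:
        print(alert["Subject"], "->", alert["To"])
    print(f"{len(failed)} failed attempts recorded for review")
```

The alert fires for any accepted login without exempting the operator's own addresses, which matches the "including ourselves" behaviour described in the answer.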
Do you have a copy of the typical service level agreement you offer, and the terms and conditions of the service?
We don't offer explicit SLAs as standard for FME Cloud, as you can see from the terms and conditions outlined here. The reasonable commercial efforts to make the Online Services available that we talk about in the T&Cs, although not defined on our website, look like this. During office hours (9am-5pm PST Monday-Friday excluding holidays), we will investigate issues within 2 hours. Outside of that window, we will do our best to investigate issues that arise, but can't guarantee response time. However, we are open to creating tailored SLAs for individual clients based on your requirements.
There is also an element of joint responsibility with regards to the instance. The main reasons we see instances run into problems are running out of disk space or being overloaded. We now have FME Cloud monitoring, which enables you to monitor when the disk goes over a certain value or the load/CPU exceeds a limit and send an alert. This means you can address issues before they become critical.
SSL encryption – the whitepaper states this is 128-bit RC4, is this still correct?
The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism. We have removed the RC4 ciphers.
Is it possible to lock down outgoing ports / IPs on server instances?
Not currently; it is something we could add, so please post it on the ideas exchange. Incoming ports can be locked down.
Can you confirm that individual instances don't have shared components (other than the AWS cloud infrastructure)?
Correct, they are dedicated instances with no shared components. The only data going in and out of an instance is via a message queue, which we use to perform operations such as operating system patches. Read more here.
Are the data volumes mounted against the instance encrypted? If so, to what level/protocol?
All EBS volumes that we mount against the instance are encrypted using the industry-standard AES-256 algorithm; it's the default encryption provided by AWS. Read more here.
Are the backup images encrypted – if so to what level?
Yes, they are also encrypted using AES-256. We are essentially taking a copy of the EBS volume; since that is encrypted, the backups and snapshots are too.
How are images and/or backups destroyed?
When you terminate an instance on FME Cloud, the instance and EBS volume are destroyed immediately. The associated backups and snapshots are destroyed 30 days after the terminate command is triggered. We wait 30 days so we can recover an instance for a period if required. After the 30 days we destroy the backups and snapshots using the standard AWS commands. See page 28 of the AWS Security Best Practices whitepaper and page 24 of the Overview of Security Processes whitepaper for details of how they wipe EBS volumes and destroy hardware once it reaches the end of its useful life.
How does Safe respond to security threats and what's the SLA to resolve?
We don't offer explicit SLAs as standard for FME Cloud, as you can see from the terms and conditions outlined here. We usually work to create tailored SLAs for individual clients based on their requirements. That said, we do have the capability to react immediately; it just isn't always worth us doing so for every customer if they are running development and staging environments, for example. If there is an intrusion or vulnerability, we will know about it right away because of all the monitoring set up. We have key alerts go straight to all of our phones via a service called PagerDuty.
Can you give an example of how you have handled a critical security threat in the past?
There have been several high-profile security bugs uncovered globally over the past 2 years: Shellshock, Poodle and Heartbleed. We were not affected by all of them, but for all of these issues the process was the same. We first audit our entire infrastructure to see what is affected and, based on that, assess what the security risk is. We often discuss things with our third-party security professional at this point too. In the case where we were vulnerable, we created a patch and, before rolling the patch out, sent the following email to affected customers:
Hello XXXXXX,
The engineering team at FME Cloud has been working to assess the impact for our customers in the wake of September 25th's disclosure of CVE-2014-627 and CVE-2014-7169, known colloquially as Shellshock. The issue lies in Bash's handling of environment variables and in theory an attacker could exploit it to execute shell commands, i.e. run programs on the server. We join nearly every service provider on the internet responding to this critical vulnerability and conducted a comprehensive security review.
You are running an instance with security updates deactivated (or it was launched before we offered automatic patching). We could not find any vulnerabilities in FME Server, but because of the severity of this bug (10/10 for severity) and as a preventive measure we will apply the security patch to your instance. We will therefore be logging onto your instance via SSH in the next few hours to apply the patch. We do not need to restart the instance, but you will receive an email stating that someone has logged on to your instance.
As best practice, we have disabled the ability to launch instances with security updates disabled. This is until we are 100% sure that the server that we are providing you when you first launch is secure.
If you have any questions or concerns, don't hesitate to contact us.
Many thanks,
The Cloud Team
We are aware that communication is critical when issues such as this arise and we aim to be as transparent as possible. After assessing our infrastructure for the Heartbleed issue we posted on our blog: https://blog.safe.com/2014/04/fme-cloud-weaker-cve-2014-0160-aka-heartebead.
How do you monitor and manage the emergence of new security threats?
We run Qualys's network vulnerability scanning tool against the FME Cloud instances and the FME Cloud web application weekly, on a schedule. Qualys maintains an up-to-date database of known vulnerabilities, so by scanning our infrastructure we can be sure that we are protected against even the most recent issues. If we are vulnerable, we receive an email notification and then immediately work to resolve the issue.
In addition to these automated tools, we work with a third-party Certified Information Systems Security Professional (CISSP) to complete application and network security audits. This includes manual network vulnerability scanning and penetration testing against the FME Server instances and the FME Cloud web application where you manage all of your instances.
How do you communicate issues?
For general issues, we post on http://status.safe.com/ and if there is a high-profile security bug we will post findings on our blog if we are not affected. If we need to apply an urgent patch against either FME Server or the operating system, we simply apply the patch and notify affected customers via email.
How do your product development cycles for Server and Cloud take account of checking for security issues being introduced?
On FME Server and FME Cloud we use industry standard frameworks and tools to ensure that if there is an issue then it is easy to patch.
FME Server works on a yearly release cycle. For all third-party components that FME Server uses, such as PostgreSQL, the JVM and Tomcat, we ensure the most recent security patches are applied. We also systematically monitor the libraries shipped with the FME engine for vulnerabilities and regularly incorporate those fixes in .x releases. Once a new version is ready to go onto FME Cloud, we switch Qualys's network vulnerability scan to point at an FME Server of that build to check whether there are any known vulnerabilities.
FME Cloud works on a continuous deployment cycle. Firstly, we have very strict rules about who can deploy and when you are allowed to deploy. We first have people check for issues in code review. When we push the code to the staging environment two things happen: a tool called Code Climate runs, which checks the actual code for common errors that people make that can lead to security exploits. We then have Qualys running against the application from the outside, performing vulnerability tests to see if there are any known exploits in our app. We then deploy the code to the production environment.
What happens if you need to introduce a breaking change to your REST services, for example?
Our entire FME Cloud infrastructure is strictly versioned, from the APIs through to the machine images that we use to provision FME Server. That means for all but the most serious of bugs we would just push the change to the new version. If we did have to push a breaking change (security issues might be the only reason we needed to do this) we would communicate this to customers in advance, via email and any other suitable channels. We would give a time window defining when we were going to roll out the change and then work with customers to ensure they knew how they had to update their workflows.
What happens if the data centre goes down? Will we lose service, or will you/AWS automatically move to another data centre?
Currently, if the data centre (so-called availability zone [AZ]) was to go down, then the instance would be unreachable for that period. Each region is comprised of multiple AZs. We could add support for fault-tolerant deployments across multiple AZs within a region, but it is not something we have had requested so far, as the cost and complexity increase dramatically. We will never move data between regions.
Although instances may be unreachable for periods of time, we still would not lose your data if the data centre goes down. If the hardware on the instance fails, or the EBS volume becomes corrupt, we can roll back to a previous backup and restore the instance. This has not happened yet.
© 2019 Safe Software Inc