343
edits
Changes
no edit summary
= Intro =
The operational and development office of All n One is 48 / 49 Western Parkway Business Park, Lower Ballymount Road, Dublin 12, D12 DK49.
This document provides information on the development environment and its security controls.
N.B. No client data is stored on this site.
=Physical security=
* Perimeter Security - The park security is managed by TopSecurity who are retained by Colliers (http://www.colliers.ie/).
** Different zones / different permissions - Users with a key card are controlled through the Intevo system and are only granted access to areas of the building chosen by our security team
** Non staff guided access - Audit trails for all entrants of the building are held for reporting.
* Physical Keys
** Lockup sequence - Physical Keys to the building are held by permanent staff working for the company longer then six months. Upon leaving the follow steps documented for them that include various security checks, alarm activation, locking doors and closing shutters.
= Operational security = * Departments
* Clean desk policy - The last to leave the building have to follow a set list of security checks. One of which involves checking all other employees desks for open lockers and sensitive documentation. All colleagues are briefed on Data security best practices.
* Security checks (monthly)- Office machine report - All staff are subject to completing a tender document monthly which lists the results from Anti-virus scans, Spy-ware scans, optimization scans, windows/mac update checks and recently installed software checks.
*CCTV is reviewed daily to spot any camera activity outside of operational hours. *Remote security monitoring is provided by our intevo security system. With this we can check any security features for Ballymount to insure all is secure. = Network Configuration =
* Remote security monitoring is provided by our intevo security system. With this we can check any security features for Ballymount to insure all is secure.
=Network Configuration=
Please review [[All_n_One_Infrastructures]] for further information
= Facility Maintenance =At AllnOne we have certain procedures that we follow in order to stay compliant with many standards and to provide a safe and secure working environment for our employees.
* Fire safety is provided by Patrick Jenkins who briefed all colleagues on the correct procedures to follow in the unlikely event of a fire. Patrick also makes sure all fire equipment is regulated to insure its operation.
* The intevo security system lets All n One monitor any colleagues entering and exiting the building. Reports are run and stored on this information daily. Unauthorized access is mitigated against by only allowing access if the person has an approved security card issued by our security official Thomas Glennon.
*Air conditioning/Heating and Air purifying is provided in the office to give our colleagues the most comfortable safe working environment.
==Power Supply==
Our electricity is provided to us by Energia. This provides a highly reliable service as they are one of the largest independent energy suppliers in Ireland supplying over 65,000 customers with electricity. Since we started operating out of our Ballymount facility in 2005 we have never had a drop of power from our provider.
In the unlikely case that power is lost from our Electricity service provider we have an onsite UPS solution ( In our warehouse we have our back-up system from UPS. For this we have 32 Batteries set up on secure racks that are linked to the Eaton branded battery breaker device so in the event of a power cut this device can keep our Ballymount facility running for another 12 hours. (In the un-likely event this occurs it will not affect the operation of BE as it is hosted on our web servers in out SunGard Data Centre)
== Fire Prevention Procedures ==Just like any business scenario, we want minimise the possibility of fire. We do this by implementing fire alarms, fire blankets and fire extinguishers.
== Hygiene/Cleanliness ==
We have a current service contract with a cleaning company who provide us with a cleaner for our facility. The cleaner comes out twice weekly and just keeps a general maintenance of the area. i.e empty bins, clean surfaces, hoover floors etc. This is in the best interest of our business as getting rid of any excess dust around computers can help maintain a machines life span by preventing dust from impacting the fans/hardware of the computer and in turn cause damage.
== Pest Control == We have a service contract with Complete pest control who do routine visits bi-monthly. The visits include servicing any traps or replacing any old bait. We have never had a pest problem at the All n One facility, however it is important to have procedures in place. == Air Conditioning ==
==Air Conditioning==
At AllnOne there is a necessity for proper air conditioning as we need to keep machines at an optimum temperature to prevent overheating. Our air conditioning is broken into three locations:
• Ground Floor Open Floor Plan• 1st Floor Open Plan• 1st Floor Comms Room
The Ground floor has a Toshiba RAV361AH8-P air conditioning unit. This is a refrigerant that produces R-22 gas type which is environmentally safe and is used in most households.
Our air conditioning service contract is with a company called Paragon. They maintain our air conditioning units and do a routine service every 6 months. In addition to this is we notice any issue with the air conditioning they will send a representative out to us to rectify the problem.
== Internet Connections ==
At AllnOne internet connection is vital to how we operate. Currently we rent two internet lines from Eircom. We have utilised these two lines by splitting them up.
=== Line 1 ===This is the line that holds our cabled network connection. This includes all wired computers in the building and servers and the 3cx phone system. The router/modem is connected to a switch, the switch is then connected to 3 patch panels. The patch panels are connected to Ethernet lines and at the other end of those lines are access points for the PC’s in the building. The Wi-Fi on this router has been turned off to increase the security of a possible intruder getting into the network as he must be directly wired in. We also do not leave any open Ethernet ports available so any that are not in use are disconnected from our patch panel.
The wireless router is also kept off unless it is asked for by a visitor. In this case it is connected to the Eircom router which is separate from the office's main internet connection. For a visitor to get access to this they must provide their device's MAC address and the MAC address is then given access to the wireless network. This helps prevent unwanted wireless devices connecting to the wireless network when it is turned on.
= Building Machinery Layout =
At our All n One facility we operate machinery in different locations throughout our building. For the purpose of this document we have broken up the sections into what area the machinery is stored, and how we maintain it.
All operational All n One machines comply with standard settings, processes and procedures listed.
===Microsoft Windows Maintenance===
Windows security updates are of the upmost importance to the security of our systems.
=== Anti-Virus ===
Anti-Virus protection is vital to our security measures. Here at All n One we implement anti-virus software on all of our machines. Anti-virus scans are implemented in real time, and full system scans are implemented on all computers every forth night. This insures that there is no malicious software on company computers. By following this procedure we have never experienced any issues.
=== System Optimizer ===
In All n One we have implemented CCleaner as our system optimizer software, privacy and cleaning tool. It removes unused files from our system - allowing Windows to run faster and it also frees up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware. As this system optimizer is very fast to use. Its benefits are huge in regard to freeing up hard disk space on the main floor computers. We schedule to run this software weekly.
=== Spyware Protection ===
We use Spybot Search and Destroy as our main on-demand spyware scanner. It is used to scan a complete system for active malware; if suspected malware is detected, users have the option of removing it. A complete system scan will check for all malware which includes classical viruses. The malware database contains more than 7000 different threats and is constantly being updated. Immunization supports chrome, Firefox and Internet Explorer. Domains known to spread malware are added to this list so they no longer pose a threat. Spybot includes another level of immunization by adding those malicious websites to the Windows ‘hosts’ file. Spybot Free Edition definition files are updated on a weekly basis. We also run full system spybot scans on a bi-weekly schedule. We also have never had a spyware threat on any computers.
=== Software Testing/Hardware Testing ===Software and hardware testing on machines is very importance. We keep a maintenance schedule running for these tests. We generally just run the generic software listed under section 3.1 of our Compac branded computers to make sure everything is running flawlessly. We also check for any updates to the software that does not automatically update. The hardware testing we run involves checking all of the monitors, mice, key boards, microphones and the machines internal hardware. We do internal hardware tests on yearly basis but if we encounter an issue with the machine, we run it on demand to find what part or issue must be fixed/replaced. For this purpose we keep a reserve of computer parts in our warehouse to allow us to fix issues promptly.
===Cabling===
In the interest of health and safety we keep all cables maintained and organised so there is no issue with lose/dangling cables. This also means we avoid any possibility of damage. In the case of a cable being damaged, i.e power cable, block, VGA, phone line or Ethernet etc., we keep a reserve of these in our warehouse.
===Machine Hardware encryption Security===In At All n One we operate on a windows environment. We utilize the interest of health and safety we keep all cables maintained and organised so there windows based bit locker encryption. BitLocker is no issue a full disk encryption feature included with lose/dangling cablesWindows Vista and later. This also means we avoid any possibility of damageIt is designed to protect data by providing encryption for entire volumes. In By default it uses the case of AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a cable being damaged, i.e power cable, block, VGA, phone line 128-bit or Ethernet etc256-bit key., we keep a reserve of these in our warehouseCBC is not used over the whole disk; it is applied to each individual sector.
=== Machine Hardware encryption Security Active Directory Control===At All n One all colleague windows accounts are controled by the security department through the implementation of Active Directory. '''Active Directory''' ('''AD''') is a directory service that Microsoft developed for windows domain networks. It is included in most windows server operating systems as a set of processes and services. <sup id="cite_ref-:1_3-0" class="reference"></sup>