Difference between revisions of "Bxp - Ballymount Security"
From All n One's bxp software Wixi
Philip Lacey (talk | contribs) (→Line 2) |
|||
| Line 212: | Line 212: | ||
| + | === Machine Hardware encryption Security === | ||
| + | At All n One we operate on a windows environment. We utilize the windows based bit locker encryption. | ||
| + | BitLocker is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector. | ||
Revision as of 11:29, 13 January 2017
Contents
1 Intro
The operational and development office of All n One is 48 / 49 Western Parkway Business Park, Lower Ballymount Road, Dublin 12, D12 DK49.
This document provides information on the development environment and its security controls.
N.B. No client data is stored on this site.
2 Physical security
- Perimeter Security - The park security is managed by TopSecurity who are retained by Colliers (http://www.colliers.ie/).
- Our joined units within the park are securely locked and alarmed.
- Intevo live video recording - Provided by ADT security, our CCTV system holds three months of recording using high definition illustra 600 IP cameras strategically located around and inside the premises.
- ADT motion sensors and contact points - Provided by ADT security, our motion sensors and alarm system are controlled by a Honeywell Security - Galaxy 48 model
- ADT Door swipe cards - Also linked to the Intevo system our door controls are regulated from Kantech's KT-300 system.
- Different zones / different permissions - Users with a key card are controlled through the Intevo system and are only granted access to areas of the building chosen by our security team
- Non staff guided access - Audit trails for all entrants of the building are held for reporting.
- Physical Keys
- Lockup sequence - Physical Keys to the building are held by permanent staff working for the company longer then six months. Upon leaving the follow steps documented for them that include various security checks, alarm activation, locking doors and closing shutters.
- Monitoring
- Fire monitoring
- Security monitoring - Security reports are run and held for all working days. This report holds information including, which doors controls were activated at specific time and which user activated it. All secure doors are visible from a camera feed.
3 Operational security
- Departments
- Clean desk policy - The last to leave the building have to follow a set list of security checks. One of which involves checking all other employees desks for open lockers and sensitive documentation. All colleagues are briefed on Data security best practices.
- Security checks (monthly)- Office machine report - All staff are subject to completing a tender document monthly which lists the results from Anti-virus scans, Spy-ware scans, optimization scans, windows/mac update checks and recently installed software checks.
- CCTV is reviewed daily to spot any camera activity outside of operational hours.
- Remote security monitoring is provided by our intevo security system. With this we can check any security features for Ballymount to insure all is secure.
4 Network Configuration
Please review All_n_One_Infrastructures for further information
5 Facility Maintenance
At AllnOne we have certain procedures that we follow in order to stay compliant with many standards and to provide a safe and secure working environment for our employees.
- Fire safety is provided by Patrick Jenkins who briefed all colleagues on the correct procedures to follow in the unlikely event of a fire. Patrick also makes sure all fire equipment is regulated to insure its operation.
- The intevo security system lets All n One monitor any colleagues entering and exiting the building. Reports are run and stored on this information daily. Unauthorized access is mitigated against by only allowing access if the person has an approved security card issued by our security official Thomas Glennon.
- Air conditioning/Heating and Air purifying is provided in the office to give our colleagues the most comfortable safe working environment.
5.1 Power Supply
Our electricity is provided to us by Energia. This provides a highly reliable service as they are one of the largest independent energy suppliers in Ireland supplying over 65,000 customers with electricity. Since we started operating out of our Ballymount facility in 2005 we have never had a drop of power from our provider.
In All n One we practice energy efficiency where possible. We do this by turning off lights when they are no longer needed. At night we turn off all the flip switches to our fuse box to cut the power on the floor.
In the unlikely case that power is lost from our Electricity service provider we have an onsite UPS solution ( In our warehouse we have our back-up system from UPS. For this we have 32 Batteries set up on secure racks that are linked to the Eaton branded battery breaker device so in the event of a power cut this device can keep our Ballymount facility running for another 12 hours. (In the un-likely event this occurs it will not affect the operation of BE as it is hosted on our web servers in out SunGard Data Centre)
5.2 Fire Prevention Procedures
Just like any business scenario, we want minimise the possibility of fire. We do this by implementing fire alarms, fire blankets and fire extinguishers.
- The fire officer for our building is Chris Thompson. He provides training to all staff on fire safety and procedures for the company, i.e. Evacuation process and how to tackle a fire with the correct extinguisher.
- The health and safety officer for the company is Patrick Jenkins.
We also have a service agreement with a company called Custom Electronics ltd. They provide us with routine check-ups on our fire equipment and alarms and also service this equipment if an issue is found. We have an agreement that every 6 months they will come in and service all equipment, and replace any faulty or broken items. We also check our fire alarms on a regular basis to make sure they are fully functioning and keep a log book of recorded data. By doing this we are certified as compliant towards the requirements of Irish Standards 291:1986. In our facility we have 16 fire extinguishers of which nine are C02, four are H20, Two are dry power and one is foam. There are multiple signs around the building stating the fire procedures of AllnOne and we encourage people to read them.
5.3 Hygiene/Cleanliness
We have a current service contract with a cleaning company who provide us with a cleaner for our facility. The cleaner comes out twice weekly and just keeps a general maintenance of the area. i.e empty bins, clean surfaces, hoover floors etc. This is in the best interest of our business as getting rid of any excess dust around computers can help maintain a machines life span by preventing dust from impacting the fans/hardware of the computer and in turn cause damage.
5.4 Pest Control
We have a service contract with Complete pest control who do routine visits bi-monthly. The visits include servicing any traps or replacing any old bait. We have never had a pest problem at the All n One facility, however it is important to have procedures in place.
5.5 Air Conditioning
At AllnOne there is a necessity for proper air conditioning as we need to keep machines at an optimum temperature to prevent overheating. Our air conditioning is broken into three locations:
• Ground Floor Open Floor Plan • 1st Floor Open Plan • 1st Floor Comms Room
The Ground floor has a Toshiba RAV361AH8-P air conditioning unit. This is a refrigerant that produces R-22 gas type which is environmentally safe and is used in most households.
The 1st Floor open plan has a Toshiba RAV461AH8-P air conditioning unit. This is a refrigerant that produces R-22 gas type which is environmentally safe and is used in most households.
The first Floor Comms Room uses a Toshiba RAV-SM562AT-E air conditioning unit. This is a specialized air refrigerant unit as the gas is produces is friendly for our comms room. It produces R-410A gases which is also more environmentally friendly then the R-22 gas and has no chlorine in it.
Our air conditioning service contract is with a company called Paragon. They maintain our air conditioning units and do a routine service every 6 months. In addition to this is we notice any issue with the air conditioning they will send a representative out to us to rectify the problem.
5.6 Internet Connections
At AllnOne internet connection is vital to how we operate. Currently we rent two internet lines from Eircom. We have utilised these two lines by splitting them up.
5.6.1 Line 1
This is the line that holds our cabled network connection. This includes all wired computers in the building and servers and the 3cx phone system. The router/modem is connected to a switch, the switch is then connected to 3 patch panels. The patch panels are connected to Ethernet lines and at the other end of those lines are access points for the PC’s in the building. The Wi-Fi on this router has been turned off to increase the security of a possible intruder getting into the network as he must be directly wired in. We also do not leave any open Ethernet ports available so any that are not in use are disconnected from our patch panel.
5.6.2 Line 2
The main purpose of this line is to facilitate clients who wish to use WIFI enabled devices while on the premises. We do not use this network to complete any secure work or alterations to bxp’s system. In addition, we change the wireless password on a monthly basis for security purposes, and also to stop users who have obtained the WIFI password on a previous occasion from logging on once again.
The wireless router is also kept off unless it is asked for by a visitor. In this case it is connected to the Eircom router which is separate from the office's main internet connection. For a visitor to get access to this they must provide their device's MAC address and the MAC address is then given access to the wireless network. This helps prevent unwanted wireless devices connecting to the wireless network when it is turned on.
6 Building Machinery Layout
At our All n One facility we operate machinery in different locations throughout our building. For the purpose of this document we have broken up the sections into what area the machinery is stored, and how we maintain it.
The building areas are as follows:-
- Main Floor
- Mezzanine Floor
- Board Room
- Canteen
- Comms Rooms
- Warehouse
All operational All n One machines comply with standard settings, processes and procedures listed.
6.1 Microsoft Windows Maintenance
Windows security updates are of the upmost importance to the security of our systems.
Regarding these updates, we implement upon release as these patches are designed to close off possible vulnerabilities in the Windows OS. All of our machines have a windows update scheduled to check and implement any windows updates every day at 16:00. We also spot check computers occasionally to make sure the updates have been implemented correctly.
6.2 Anti-Virus
Anti-Virus protection is vital to our security measures. Here at All n One we implement anti-virus software on all of our machines. Anti-virus scans are implemented in real time, and full system scans are implemented on all computers every forth night. This insures that there is no malicious software on company computers. By following this procedure we have never experienced any issues.
6.3 System Optimizer
In All n One we have implemented CCleaner as our system optimizer software, privacy and cleaning tool. It removes unused files from our system - allowing Windows to run faster and it also frees up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware. As this system optimizer is very fast to use. Its benefits are huge in regard to freeing up hard disk space on the main floor computers. We schedule to run this software weekly.
6.4 Spyware Protection
We use Spybot Search and Destroy as our main on-demand spyware scanner. It is used to scan a complete system for active malware; if suspected malware is detected, users have the option of removing it. A complete system scan will check for all malware which includes classical viruses. The malware database contains more than 7000 different threats and is constantly being updated. Immunization supports chrome, Firefox and Internet Explorer. Domains known to spread malware are added to this list so they no longer pose a threat. Spybot includes another level of immunization by adding those malicious websites to the Windows ‘hosts’ file. Spybot Free Edition definition files are updated on a weekly basis. We also run full system spybot scans on a bi-weekly schedule. We also have never had a spyware threat on any computers.
6.5 Software Testing/Hardware Testing
Software and hardware testing on machines is very importance. We keep a maintenance schedule running for these tests. We generally just run the generic software listed under section 3.1 of our Compac branded computers to make sure everything is running flawlessly. We also check for any updates to the software that does not automatically update. The hardware testing we run involves checking all of the monitors, mice, key boards, microphones and the machines internal hardware. We do internal hardware tests on yearly basis but if we encounter an issue with the machine, we run it on demand to find what part or issue must be fixed/replaced. For this purpose we keep a reserve of computer parts in our warehouse to allow us to fix issues promptly.
6.6 Cabling
In the interest of health and safety we keep all cables maintained and organised so there is no issue with lose/dangling cables. This also means we avoid any possibility of damage. In the case of a cable being damaged, i.e power cable, block, VGA, phone line or Ethernet etc., we keep a reserve of these in our warehouse.
6.7 Machine Hardware encryption Security
At All n One we operate on a windows environment. We utilize the windows based bit locker encryption. BitLocker is a full disk encryption feature included with Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.
