Software Quality Attributes -> Security



Security is the ability of the software to remain protected from unauthorized access. This includes both change access and view access. There are many types of security that need to be present, and they are explained below:



a- Intrusion Security

Intrusion Security is about protecting the systems from unauthorized access. AdvOSS uses a multi-dimensional approach to handle Intrusion Security.

i. Network Topology: Network Topology goes a long way to protect critical systems from intrusion. All AdvOSS networks are designed on layers of zones, and each network element is put in the most protected zone where it can function. The typical zones are:

1- Core Network: The Core Network consists exclusively of NATed end points not accessible from the public Internet. This includes all databases, all Radius Servers, all Application Servers and all Provisioning Servers running in the core.

2- Intranet: Anything that requires access within the organization can be put on the Intranet. Typically the Administration GUI is made available on the Intranet, where it can only be accessed from within available sub-nets.

3- DMZ (Demilitarized Zone): Only the end points requiring public Internet access are exposed to that sort of access. This will include:

For web based access, a Selfcare Portal is specifically designed with minimal code and permissions to be able to call a minimal set of APIs and WorkFlow on the provisioning engine inside the Core.

For SIP Traffic, a Session Border Controller is put in the DMZ to exert relevant security controls over all SIP packets entering the network.

ii. Web Access Security Framework: Administration Portals are suggested to be on the Intranet. AdvOSS uses the Java based Security Framework of ACEGI, which provides advanced Authentication and Authorization features.



b- Data Security (Encryption)

The other type of security is Data Security.

i. Secured Transport: All AdvOSS Switching and Billing products are built over AMPS. AMPS handles all transport and offers different types of advanced encryption techniques for packets transported over the network. This includes TLS, TTLS and SSL among others.

ii. Encrypted Storage: AdvOSS uses one-way encryption for all data that can be stored this way. This would include all passwords, Voucher PINs and other such data. This ensures that even if the security of the data is compromised, this sensitive part of the information is not leaked.

iii. Encryption before transport: Any data which is highly sensitive is encrypted well before it is put on the wire. An example is the Voucher PIN Generation Utility, which converts all PINs to their MD5 hashes right on the Client machine before they are transmitted to the Server. All people requiring access to the Intranet from public points need to have VPN connectivity before they are allowed access to the Intranet.
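The voucher PIN flow from items ii and iii, sketched as an added example (not AdvOSS code): PINs are hashed with MD5 on the client, only digests are uploaded, and the server redeems a voucher by hashing the submitted PIN. The PIN length, the function names and the `VoucherStore` class are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

PIN_DIGITS = 14  # assumption: the page does not state a PIN length

def generate_pins(count, digits=PIN_DIGITS):
    """Client side: draw unique numeric PINs from the OS CSPRNG."""
    pins = set()
    while len(pins) < count:
        pins.add("".join(secrets.choice("0123456789") for _ in range(digits)))
    return sorted(pins)

def md5_hex(pin):
    """One-way form of a PIN as the page describes it: plain MD5."""
    return hashlib.md5(pin.encode("ascii")).hexdigest()

def build_upload(pins):
    """Client side: the payload put on the wire holds digests only."""
    return [md5_hex(p) for p in pins]

class VoucherStore:
    """Server side (hypothetical): keeps digests, never clear PINs."""

    def __init__(self, digests):
        self._unused = set(digests)

    def redeem(self, submitted_pin):
        candidate = md5_hex(submitted_pin)
        for stored in self._unused:
            # Constant-time comparison of the two hex digests.
            if hmac.compare_digest(stored, candidate):
                self._unused.remove(stored)  # a voucher is single use
                return True
        return False

def keyspace_bits(digits=PIN_DIGITS):
    """Guessing entropy of a uniformly random numeric PIN. An unsalted
    digest adds none, so PIN length sets the real protection level."""
    return digits * math.log2(10)
```
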



c- Forensic Security

Forensic Security is about keeping enough logs of all activity to allow a compromise or breach to be determined later on. AdvOSS ensures that all changes to the data are only done through the Provisioning Engine, which keeps detailed logs of IP Addresses, Computer Names, Types of User-Agents and the changes made, which can be effectively used in a later forensic analysis.

