Security

Overview

The DEALS system is hosted on servers managed by Purplewire, an experienced e-business development company. Purplewire's multi-layered security architecture incorporates security measures in data transmission, at the network perimeter, in the server infrastructure, and at the application level. These layers of security cooperate to provide protection of the critical data against a broad spectrum of security threats.

Hosting Environment

The Purplewire server hosting environment incorporates a balanced array of physical, network, and operating system security tools, including an automated monitoring and notification system.

Physical Security

The servers are located in a server room which is protected by a 5-button combination lock. Only selected Purplewire personnel have access to the server room. The server room is inside the Purplewire facility, which is protected by a card-key security system.

Network Security

Server Operating System Security

The DEALS system runs on UNIX-based servers. The servers are configured with all unnecessary services disabled. The few services which are necessarily visible through the firewall are routinely upgraded with the latest security patches.

Database Security

The DEALS database server is configured to accept connections only from database clients within the local server network, and only with appropriate database password.

Server Monitoring

Data Backups

All application data is stored on a high-availability mirrored disk system to provide protection against hardware failure. In addition, data is backed up daily to a separate server, and weekly backup backup tapes are created and stored in a location separate from the servers.

Data Transmission

SSL Encryption

Industry standard SSL encryption is used to prohibit "electronic wiretapping" or other unauthorized access to data or passwords as they traverse the public network between the Purplewire network and the user's web browser. The strongest 128-bit encryption is used whenever supported by the user's browser.

Server-based Access Control

The DEALS system uses authentication and authorization credentials which are generated by the web server software. The server is responsible for verifying that the user has the proper password for each request ("authentication") and for determining what level of access the user is allowed ("authorization"). In addition to allowing or denying access for each request, the server passes the user's identity and group memberships to the DEALS application for use in additional application-level security checks.

Application Security

The DEALS application security features ensure that authorized users of the system, once logged in, can only access data for which they are authorized, and can not view or modify other users' private data. The use of multiple access levels provides the flexibility to allow different levels of access to different types of users.

DEALTEK, DEAL Zone, DEALS, "Development, Expansion, and Location Solutions," Expert DEALS,
and "Turning Decision Choices into Choice Decisions" are registered trademarks of DEALTEK, Ltd.
The DEALS ® software program and the method of using it are covered by US Patent Number 7,640,196.
Copyright © 2000-2017 DEALTEK, Ltd., all rights reserved.