NMS Security and Data
Security statement
We regularly test our security and have undergone strict penetration testing, review and remediation by external security companies.
All communication in the NMS infrastructure is initiated (egress) by the Collector located at the customer site; at no time is a connection initiated into the Collector or the customer's environment.
At no point do we, the service provider, record or store the public external IP/NAT addresses of the collectors, which enforces the one-way communication as designed.
All communication between the Collector and the Controller (AWS) is compressed and encrypted, using two different mechanisms.
Due to local legislation in certain countries, the Collector has been designed to obtain and send out only anonymised data from the devices it monitors.
As for the VPN, the process of connection is as follows:
- The engineer sets a VPN flag on the master server.
- The collectors check periodically for the flag.
- Once a collector discovers that the flag is set, it downloads its VPN configuration from a randomised set on the master server.
- The collector initiates a connection to a VPN bridge using a .252 (255.255.255.252, i.e. /30) subnet.
Only one other device can join the tunnel: an engineer on Nuvias's side, with a specific IP handed out to them by the master server.
This is all logged, and when finished the connection tears down and the VPN configuration goes back into the pool of randomised connections on the master server.
It has been designed this way specifically so that no other device can communicate with the collectors over the VPN, and there is no way for a collector to talk to another collector.
You can turn off the VPN connection from the collector via the web interface; once it is off, the collector never checks for the presence of the VPN 'flag' and never raises the connection to the master server/VPN. This cannot be remotely re-enabled.
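To make the tunnel arithmetic concrete, here is an added Python model of the steps above. It is illustrative code written for this page, not Nuvias's software. It assumes a master server object holding per-collector flags and a pool of VPN configs, a collector object that polls, and a constructed pool of /30 subnets on the 192.0.2.0/24 documentation range. The points it shows are that a 255.255.255.252 mask leaves exactly two usable addresses (collector and engineer), that a config leaves the pool while in use and returns on teardown, and that a locally disabled collector never reads the flag at all.

```python
import ipaddress
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class VpnConfig:
    name: str
    subnet: ipaddress.IPv4Network  # a /30, i.e. netmask 255.255.255.252


@dataclass
class MasterServer:
    """Assumed model of the master server: a VPN flag per collector, a pool of
    randomised VPN configs, and a record of which config each collector holds."""
    pool: List[VpnConfig]
    flags: Dict[str, bool] = field(default_factory=dict)
    in_use: Dict[str, VpnConfig] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def set_flag(self, collector_id: str) -> None:
        # Step 1: the engineer sets the flag on the master server.
        self.flags[collector_id] = True
        self.log.append(f"flag set for {collector_id}")

    def checkout(self, collector_id: str, rng: random.Random) -> VpnConfig:
        # Step 3: a config is picked at random and removed from the pool
        # so no second device can download the same tunnel definition.
        cfg = self.pool.pop(rng.randrange(len(self.pool)))
        self.in_use[collector_id] = cfg
        self.log.append(f"{collector_id} took {cfg.name} ({cfg.subnet})")
        return cfg

    def teardown(self, collector_id: str) -> None:
        # When finished the flag is cleared and the config returns to the pool.
        cfg = self.in_use.pop(collector_id)
        self.flags[collector_id] = False
        self.pool.append(cfg)
        self.log.append(f"{collector_id} released {cfg.name}")


@dataclass
class Collector:
    collector_id: str
    vpn_enabled: bool = True  # local web-interface switch; nothing remote can set it

    def poll(self, master: MasterServer, rng: random.Random) -> Optional[VpnConfig]:
        """Step 2: periodic check. A disabled collector never even reads the flag."""
        if not self.vpn_enabled:
            return None
        if not master.flags.get(self.collector_id):
            return None
        return master.checkout(self.collector_id, rng)


def tunnel_addresses(cfg: VpnConfig) -> List[str]:
    """Usable host addresses inside the tunnel subnet. For a /30 this is exactly
    two: one for the collector and one for the engineer, so nobody else fits."""
    return [str(h) for h in cfg.subnet.hosts()]


def make_pool(n: int) -> List[VpnConfig]:
    # Constructed pool of /30 subnets carved from RFC 5737 TEST-NET-1 (192.0.2.0/24).
    base = ipaddress.ip_network("192.0.2.0/24")
    subnets = list(base.subnets(new_prefix=30))[:n]
    return [VpnConfig(f"vpn{i}", s) for i, s in enumerate(subnets)]


if __name__ == "__main__":
    rng = random.Random(1)
    master = MasterServer(pool=make_pool(4))
    col = Collector("col-A")
    master.set_flag("col-A")
    cfg = col.poll(master, rng)
    print("tunnel hosts:", tunnel_addresses(cfg), "netmask:", cfg.subnet.netmask)
    master.teardown("col-A")
    print("\n".join(master.log))
```

The `vpn_enabled` switch is checked before the flag is read, which is what makes the opt-out non-overridable from the master server side: there is no code path in which the server's flag is consulted once the local switch is off.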
Data Protection
All statistical data collected and passed over to the master server is anonymised.
The only IP addressing/configuration information stored in the database, on both the collector and the control server, is that of the devices being monitored. The solution does not store any personal or private information in these statistical data packets, including internal IP addresses seen by the monitored devices. The average size of the data packet sent from the Collector (client on premise) to the Controller (located in the Amazon Web Services cloud) is less than 10kb, sent every 1 hour.
The Collector periodically stores in memory a table of statistics keyed by a reference number for the associated device ID. No information relevant to the client's business is stored in this table; it contains purely statistical details on ports, traffic, CPU, memory, etc.: no IP addresses, no internal client names or host names.
Below is a sample of the data gathered and sent (decrypted):
21234,cpu_1_avg,4
21234,cpu_1_peak,64
21234,cpu_2_avg,2
21234,cpu_2_peak,34
21234,int_lan3_0_up,1
21234,int_lan3_0_link,1
21234,int_lan3_0_rxerror,0
21234,int_lan3_0_txerror,0
21234,connections_optimised_avg_total,45
21234,connections_optimised_peak_total,60
21234,connections_optimised_avg_active,43
21234,connections_optimised_peak_active,57
21234,connections_passthrough_avg,177
21234,connections_passthrough_peak,255
21234,connections_forwarded_avg,0
21234,connections_forwarded_peak,0
21234,throughput_wan2lan_WAN_avg,188.4 Kbps
21234,throughput_wan2lan_WAN_95perc,730.7 Kbps
21234,throughput_wan2lan_WAN_peak,1.5 Mbps
21234,throughput_lan2wan_LAN_avg,34 Kbps
21234,throughput_lan2wan_LAN_95perc,407.1 Kbps
21234,throughput_lan2wan_LAN_peak,614.6 Kbps
21234,datastore_used,100.0
21234,datastore_hits,5728140
21234,datastore_miss,3728208
21234,max_connections,3000
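The rows above are a simple "device_id,metric,value" format in which some values carry a bandwidth unit. Below is an added Python example, written for this page and not part of the Collector or Controller software, that parses such a packet and checks the data-protection claim in a way a customer could run against a decrypted packet: it normalises the unit-bearing values and flags any field that looks like an IP address or a DNS hostname. The sample packet inside it is constructed in the same shape as the rows above.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample packet in the same "device_id,metric,value" form as the
# rows shown above; it is not a captured packet from a real Collector.
SAMPLE_PACKET = """\
21234,cpu_1_avg,4
21234,cpu_1_peak,64
21234,int_lan3_0_up,1
21234,throughput_wan2lan_WAN_avg,188.4 Kbps
21234,throughput_wan2lan_WAN_peak,1.5 Mbps
21234,datastore_used,100.0
21234,max_connections,3000
"""

UNIT_MULTIPLIERS = {"bps": 1, "Kbps": 1_000, "Mbps": 1_000_000, "Gbps": 1_000_000_000}
# Labels separated by dots ending in an alphabetic TLD; numbers like 188.4 do not match.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.I)


@dataclass
class Metric:
    device_id: int
    name: str
    value: float
    unit: str  # "bps" for throughput values, "" for plain counters/percentages


def parse_value(raw: str) -> Tuple[float, str]:
    """Turn '188.4 Kbps' into (188400.0, 'bps'); plain numbers stay unitless."""
    parts = raw.strip().split()
    if len(parts) == 1:
        return float(parts[0]), ""
    if len(parts) == 2 and parts[1] in UNIT_MULTIPLIERS:
        return float(parts[0]) * UNIT_MULTIPLIERS[parts[1]], "bps"
    raise ValueError(f"unrecognised value: {raw!r}")


def parse_packet(text: str) -> List[Metric]:
    """Parse every non-empty line; malformed lines raise rather than being skipped."""
    metrics: List[Metric] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(",")
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        dev, name, raw = fields
        value, unit = parse_value(raw)
        metrics.append(Metric(int(dev), name.strip(), value, unit))
    return metrics


def looks_like_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)  # accepts dotted-quad IPv4 and IPv6 strings only
        return True
    except ValueError:
        return False


def find_identifying_tokens(text: str) -> List[str]:
    """Return every whitespace-separated token in any field that looks like an
    IP address or hostname. An empty list means the packet carries only the
    device reference number, metric names and numeric values."""
    hits: List[str] = []
    for line in text.splitlines():
        for field in line.split(","):
            for token in field.strip().split():
                if looks_like_ip(token) or HOSTNAME_RE.match(token):
                    hits.append(token)
    return hits


if __name__ == "__main__":
    for m in parse_packet(SAMPLE_PACKET):
        print(m)
    print("identifying tokens:", find_identifying_tokens(SAMPLE_PACKET))
```

The hostname pattern is deliberately narrow (dotted labels ending in an alphabetic TLD) so that decimal values such as `188.4` and metric names such as `int_lan3_0_up` are not reported; a row containing an address or a fully qualified hostname is.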
Multi Tenancy
The master control centre has a multi-tenanted feature set. It stores all OTP hashes in a built-in user database; lookups are by one-way hash so that no credentials are stored.
A user can be created with access to the Reseller Portal; this user will only be able to see their own customers and collectors and download reports for their devices. The site is secured with SSL only and enforces stronger encryption methods, with no fallback to HTTP or weaker algorithms.
Resellers have the ability to view, create and edit their collectors and end devices, and a built-in access control prevents access to any device information outside their control.
Site access control uses server-side sessions for lookup. Each page in the control centre runs a permissions check before the page loads, which ensures users cannot bypass the permissions engine. It automatically destroys and rejects the session if any violation occurs. We realise this has an impact on performance, but we felt it was worth it to ensure the security of the site.
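The two mechanisms described in this section, one-way storage of OTP hashes and a per-page permission check backed by server-side sessions that destroys the session on violation, are shown together in the added Python example below. It is illustrative code written for this page, not the control centre's implementation. It assumes a simple user database keyed by username, a salted PBKDF2 digest as the one-way hash, constructed reseller tenants named "reseller-A" and "reseller-B", and a single page handler (viewing a collector report) standing in for the per-page check.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


# --- one-way OTP storage --------------------------------------------------
def otp_hash(otp: str, salt: bytes) -> bytes:
    """Salted one-way hash of an issued OTP; only this digest is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", otp.encode(), salt, 100_000)


@dataclass
class UserRecord:
    tenant: str          # the reseller this user belongs to
    salt: bytes
    otp_digest: bytes    # hash of the currently valid OTP, never the OTP itself
    used: bool = False   # an OTP is single use


class UserDb:
    def __init__(self) -> None:
        self.users: Dict[str, UserRecord] = {}

    def issue_otp(self, username: str, tenant: str) -> str:
        otp = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self.users[username] = UserRecord(tenant, salt, otp_hash(otp, salt))
        return otp  # delivered to the user once; the database keeps only the digest

    def verify_otp(self, username: str, presented: str) -> Optional[str]:
        """One-way lookup: hash what was presented and compare in constant time."""
        rec = self.users.get(username)
        if rec is None or rec.used:
            return None
        if hmac.compare_digest(otp_hash(presented, rec.salt), rec.otp_digest):
            rec.used = True
            return rec.tenant
        return None


# --- server-side sessions and the per-page permission check ----------------
@dataclass
class Session:
    username: str
    tenant: str


class ControlCentre:
    def __init__(self, db: UserDb, collectors: Dict[str, str]) -> None:
        self.db = db
        self.collectors = collectors             # collector_id -> owning tenant
        self.sessions: Dict[str, Session] = {}   # session id -> Session, held server side

    def login(self, username: str, otp: str) -> Optional[str]:
        tenant = self.db.verify_otp(username, otp)
        if tenant is None:
            return None
        sid = secrets.token_urlsafe(32)          # opaque id is all the client ever holds
        self.sessions[sid] = Session(username, tenant)
        return sid

    def view_collector(self, sid: str, collector_id: str) -> Optional[str]:
        """Permission check that runs before the page is rendered. A request for a
        collector outside the session's tenant is rejected and the session destroyed."""
        sess = self.sessions.get(sid)
        if sess is None:
            return None
        owner = self.collectors.get(collector_id)
        if owner != sess.tenant:
            del self.sessions[sid]
            return None
        return f"report for {collector_id} ({owner})"


if __name__ == "__main__":
    db = UserDb()
    code = db.issue_otp("alice", "reseller-A")
    cc = ControlCentre(db, {"col-1": "reseller-A", "col-2": "reseller-B"})
    sid = cc.login("alice", code)
    print(cc.view_collector(sid, "col-1"))   # allowed: same tenant
    print(cc.view_collector(sid, "col-2"))   # rejected, session destroyed
    print(cc.view_collector(sid, "col-1"))   # None: the session no longer exists
```

Because the session state lives only in `self.sessions`, a client cannot alter its tenant by editing anything it holds, and destroying the entry on a violation means a single out-of-scope request ends the whole session rather than just that page.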