This page may be useful when developing your security posture around the service that PhixFlow provides for your users.

Overview

This page outlines the approaches and features within PhixFlow that address common security vulnerabilities and ensure PhixFlow is as secure as possible.

PhixFlow Security Design Features

Secure Coding

PhixFlow is designed to be a secure business system that can be used via browsers and mobile devices, rather than being designed primarily as a web-based system. It uses technologies specifically selected to solve complex processing problems and to address both the needs of an agile mobile workforce and the security issues that increased levels of remote access bring.
PhixFlow software is built using our own proprietary secure coding standards and processes adapted from the Open Web Application Security Project (OWASP).
Using these approaches means that should your application be targeted by unauthorised users, the vulnerabilities common in many other web applications either do not exist, or have already been addressed, and it will therefore be extremely difficult to circumvent the security controls.
Examples include:

    • Data containment: All input entered and viewed by users is sanitised to prevent common types of 'injection', and 'cross site scripting' attacks.
    • No page caching: Many browser-based applications allow users to use the back buttons to navigate previous screens and in-process forms which can cause data corruption.
    • No URL modification: Many browser-based applications expose user IDs in the address bar, which allows and even encourages direct access that circumvents the navigation and security policies.

Secure Authentication

Within PhixFlow, authentication can either be delegated to an external authentication service provider, e.g. your company's Microsoft Active Directory, or use user accounts managed directly by PhixFlow.
If you use an external authentication service provider, then all policies including password length and complexity, maximum number of attempts and password history will be adhered to.
If you choose to use PhixFlow for authentication, secure password policies can be created and enforced to ensure that passwords are strong, changed regularly and not re-used.

Authorisation

PhixFlow uses user-defined access groups and roles to provide a highly configurable and highly granular level of access control, encouraging the principle of least-privilege access. Using the tools in PhixFlow, access to specific screens and buttons can be limited to just those users, or groups of users, who require access.
In addition, PhixFlow consultants will configure record-level security if this is required, to ensure that users can only see or update those specific customers or records which they have been given access to.

Access to Other Data

Most applications configured in PhixFlow involve accessing data from company databases, web APIs or other third party systems. PhixFlow manages security for this in two ways:

    • Through system level security i.e. remote system access is authorised with a "phixflow" system level user account (or multiple accounts to provide each "application" just the access needed in line with the principle of least privilege). This is the preferred security model.
    • Using the logged-on user's credentials so that no further accounts are needed.

When PhixFlow solutions are exported for deployment between test and live systems, all database and web services authentication details are removed to ensure that live data access is not accidentally shared with a test system.

Separation of Test Data

As a policy PhixFlow Ltd does not use or store live customer data in any PhixFlow owned development or test infrastructure. Data used on any of these systems for testing is either randomly generated or anonymised using algorithms agreed with the customer.
PhixFlow provides a mechanism which supports replication of applications without copying any data. This allows for easy creation of test and staging instances without exposing confidential records.

Logging and Audits

PhixFlow logs all access and access attempts to support forensic data analysis. In addition, all changes to configuration objects in PhixFlow are audited.
During a project, PhixFlow consultants follow a methodology that captures additional security requirements, which for example may include auditing changes to data records.

Default logging levels are set in logback.xml and phixflow-logging.xml. When troubleshooting issues you can increase the level of detail included in the log files.

Warning

If you increase the detail in log files, full HTTP information is recorded in plain text. This can include security information and tokens.
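As an added check (example code, not part of PhixFlow or this page), the following Python script scans log output for the kind of HTTP credential material the warning above describes (bearer tokens, Basic credentials, session cookies) and redacts it, so files produced while logging was raised for troubleshooting can be reviewed before they are shared or archived. The log lines are constructed samples; PhixFlow's real log format is not assumed.

```python
import re

# Constructed sample log lines (not PhixFlow output) showing what a full
# HTTP trace can capture when logging detail is increased.
SAMPLE_LOG = """\
2024-01-01 10:00:00 INFO  http - GET /phixflow/app HTTP/1.1 200
2024-01-01 10:00:01 DEBUG http - Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.constructed.signature
2024-01-01 10:00:02 DEBUG http - Cookie: JSESSIONID=ABC123CONSTRUCTED; theme=dark
2024-01-01 10:00:03 DEBUG http - Authorization: Basic dXNlcjpwYXNzd29yZA==
2024-01-01 10:00:04 INFO  http - POST /phixflow/login HTTP/1.1 302
"""

# Header patterns that carry credentials. Group 1 is the header name (kept),
# group 2 is the secret value (redacted).
SENSITIVE_PATTERNS = {
    "bearer_token": re.compile(r"(Authorization:\s*Bearer\s+)(\S+)", re.I),
    "basic_auth": re.compile(r"(Authorization:\s*Basic\s+)(\S+)", re.I),
    "session_cookie": re.compile(r"((?:Cookie|Set-Cookie):\s*JSESSIONID=)([^;\s]+)", re.I),
}


def find_sensitive(log_text):
    """Return (line_number, kind) for every line that carries credential material."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for kind, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, kind))
    return hits


def redact(log_text):
    """Replace each secret value with a fixed marker, keeping the header name and
    any unrelated cookies on the line so the log stays useful for troubleshooting."""
    cleaned = []
    for line in log_text.splitlines():
        for pattern in SENSITIVE_PATTERNS.values():
            line = pattern.sub(lambda m: m.group(1) + "[REDACTED]", line)
        cleaned.append(line)
    return "\n".join(cleaned)


if __name__ == "__main__":
    for lineno, kind in find_sensitive(SAMPLE_LOG):
        print(f"line {lineno}: {kind} found")
    print(redact(SAMPLE_LOG))
```

Run it against the real log files after troubleshooting; any hit means the raised logging level has written secrets that should be rotated as well as redacted.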

Deploying PhixFlow for Web Access

This section provides input into your risk assessment process and deployment decisions.
As with any application, deploying PhixFlow for remote access presents security risks. The most common risks for browser-based business systems include attempted unauthorised access to the server resources, the data and the users' computers. Whenever a server is available via the world wide web, there is increased exposure to various security vulnerabilities in the underlying web server operating system. For this reason, many customers choose to access PhixFlow via a VPN.

Risk Assessments

We recommend your risk assessment process includes the following:

    • User types – staff, contractors, associates.
    • Dialogue with end-users as well as technology staff, to identify and understand the risks and existing counter-measures.
    • Device types and who owns and manages them.
    • Locations where the system will be accessed from e.g. homes, offices, public areas.
    • Treatment of any high priority risks identified by applying good or best practices in network and firewall configuration, intrusion detection and prevention strategies, server hardening, configuration, deployment, application monitoring and usage guidelines.

General Recommendations for Using PhixFlow Securely

    • Implement least privilege access by:
      • Only placing users in groups appropriate for the tasks they need to do.
      • Reviewing accounts used by PhixFlow solutions for access to databases and email accounts, ensuring they only have the level of access needed.
      • Limiting the number of administrators or accounts with full access.
    • Do not use the system for testing or development, as it is common for additional user accounts to be required and for authorisation to be relaxed to enable testing.