XecureZone is XecureIT’s holistic security architecture. It is a highly secure system where all incoming and outgoing network packets will be scrutinized by multi-layer and multi-level security controls before accessing specific servers or network segments. All systems and users activities inside XecureZone are also tightly monitored.
XecureZone Secure Architecture can be conveniently implemented using combination of XecureSystem and XecureIT’s client technologies which depend on required information security classification level. Sensitive classification concerns confidentiality and/or integrity aspects.
- Any (insecure) standard workstation is used to achieve Level-0 Security (Public Information) Level-1 Security (Internal Use Only).
- Customized XecureBrowser is used to achieve Level-2 Security (Sensitive Information).
- Virtual XecureClient is used to achieve Level-3 Security (Highly Sensitive Information).
- XecureClient USB or DVD is used to achieve Level-3 and Level-4 Security (Highly Sensitive Information).
- XecureAdmin USB is mandatory to allow system administrator, security administrator and security auditor.
XecureZone is created with following principles:
- Rigorous Security Policies and Procedures
- Only protected systems inside XecureZone and XecureClient managed by XecureZone Gateway can be trusted.
- Full data encryption using military grade encryption algorithm AES-256bit, 14-rounds.
- Clear network segmentation between different systems from different security level or category.
- Each network segment is separated by Firewall and monitored by Intrusion Detection Systems.
- Each server is protected by host-based Firewall and host-based Intrusion Detection Systems, including Integrity Assurance System.
- Each network and servers activities are logged, analyzed and correlated in real time.
- Each network and servers performance are monitored.
- End-to-end security using XecureClient and customized XecureBrowser is required to protect your sensitive information or transaction.
RIGOROUS SECURITY POLICIES AND PROCEDURES
XecureZone architecture mandates implementation of least privilege policy and rigorous security procedures.
- Any network and servers configuration changes must be passed through strict Change Management Procedure.
- Any unauthorized outgoing file transfer must have formal approval.
- Only authorized network packets from authorized users using authorized systems can access systems into XecureZone without triggering critical security alert.
- Each critical alert must be sent to the incident handling team in real-time and must be responded using defined Incident Handling Procedure.
- Everyone, including administrator and auditor must sign XecureZone Behaviour Agreement.