 |
| |
Q: How is FirstClass secure?
A: Security may be broken down into three components: Content security (making sure that data on the server is secure), Network security (making sure that the data flowing between the client and server is secure), and Attack security (making sure that the system is protected against viruses and denial of service attacks). FirstClass addresses each of these components:
Content Security: FirstClass stores all user data in a secure Collaborative Store. This data is managed by the server, with a complete history and audit trail (this ensures that users and administrators know exactly who is creating, sending and accessing content). Every message and file is encapsulated, so that raw files are never written to the Post Office (thus avoiding any possibility of viruses running on the server machine). The Collaborative Store may also be mirrored to another backup Post Office (to ensure that user content is secure against hardware failure or disaster).
Network Security: The connection between the FirstClass Server and FirstClass client is made using a secure network connection. FirstClass uses an advanced streaming cipher to provide protection against network sniffers. Using FirstClass, all data is encrypted, as compared with some systems which encrypt only the body of the message. In addition, FirstClass has an additional level of encryption for passwords, ensuring that passwords are double-encrypted.
Attack Security: FirstClass is highly resistant to attack security, for two different reasons. First, on the server, all data (including files, messages and attachments) are encapsulated, which ensures that any viruses will pass harmlessly through the server. Second, since the FirstClass client has no user data stored locally, any virus that does run on a client machine will have no ability to access client data (such as messages and addressbook entries), and thus will be unable to reproduce itself.
For over a decade the designers of FirstClass have emphasized security as the most important aspect of a messaging system, avoiding the massive security problems found in systems that emphasize features over security. Centrinity maintains close ties to security-monitoring sites and is committed to addressing any security concerns as quickly as possible.
|