| Line 113: |
Line 113: |
| | </div> | | </div> |
| | | | |
| − | ==Addendum== | + | ==Incident handling for myViewBoard== |
| | + | |
| | + | Nowadays, the cyber-attacks would be a more serious problem in the world. In myViewBoard, we had clearly defined the incident handling approaches internally and had internal procedures. |
| | | | |
| − | Changes to the system environment:
| + | [[File:Security.png|700px]] |
| | | | |
| − | This document relates exclusively to the details of the product or project specified above. This section is designed to provide requested details on how the product in question interacts with the system environment in question.
| + | The flow mainly divided the incidents into four different risk levels and handling with different approaches. |
| | + | * '''Critical''' |
| | + | : The critical level is the risk of data leakage and the vulnerability found that would cause service impact or leading to affect the usage of myViewBoard. For the issue defined in this category, myViewBoard security team would immediately notice our management group and the virtual incident response team led by senior management and security experts had been formed to tackle the issue as soon as possible. Our incident handling team will include all related department's representatives and handled the reported issue in their highest priority to resolve the issue. myViewBoard also will document the total steps that we are performed in such incidents and will provide the lesson learned to the team. |
| | + | : The critical level risk would also notice the related parties and myViewBoard management group about the solution or adjustment that should aware on operations and handling skills to our team. |
| | + | * '''High''' |
| | + | : The high-risk level defined there is service impact on myViewBoard but the contingency system had been uplinked to support the service. The high-risk level may also fall by criteria of server impacts that may create threats or vulnerabilities that affect customer use of the system. |
| | + | : In myViewBoard, the high-risk level will also trigger the formation of the virtual incident response team with all related parties' representatives with security experts to resolve the problem. |
| | + | : For the operations, the management level in myViewBoard will receive the notice on the issue defined as high-risk level and the incident response team will keep reporting to the management group till the incident is resolved. |
| | + | : myViewBoard will document the total steps that we are performed in such incidents and will provide the lesson learned to the team. |
| | + | * '''Medium''' |
| | + | : The risk defined at the medium level will mainly cause a minor impact on the service and not affect any of the daily operations in myViewBoard. The medium risk level in myViewBoard will mainly follow the pre-defined guidelines and procedures to handle and resolve the issue. The solution may need to be patched or updated in order to use out internal change management process to perform. |
| | + | : All the tasks and logs collected during the incident handling will be listed in detail in myViewBoard internal directory and shared with the internal team only. |
| | + | * '''Low''' |
| | + | : The problem that myViewBoard defined as low-risk level will not affect any provided service or business operation. The low-risk level issue will be handled with the regular handling procedures by myViewBoard team. The low-risk level issue will also be listed on our intranet and shared with the team without identifiable information. |
| | | | |
| − | This product has software components that are installed in standard user directories. Any exceptions to this are listed below:
| + | ==Addendum== |
| | | | |
| − | * Crossmatch Fingerprint SDK | + | Besides the above sections, myViewBoard also needs the following port open to allow access to our system. |
| − | * SQLCipher | + | * TCP Port 443 (HTTPS): outbound |
| | + | * UDP and TCP port 3478 bidirectional to the WebRTC servers |
| | + | * UDP Ports 49,152 – 65,535 (RTP/sRTP/RTCP) bidirectional to the WebRTC servers. These ports are optional; if blocked, media will be proxied using TURN on port 3478. |
| | | | |
| − | This software component also adds or makes modifications to the following system attributes and configurations (such as registry entries, firewall settings, digital certificates, kernel mode drivers, and browser plugins):
| + | The above ports are the minimum request on linking the service from your organization and it would help to ensure the availability of our service. |
| | | | |
| | + | The client software component also adds or makes modifications to the following system attributes and configurations (such as registry entries, firewall settings, digital certificates, kernel mode drivers, and browser plugins): |
| | * Registry Keys: | | * Registry Keys: |
| − | HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\Products\U.are.U RTE
| + | : HKEY_LOCAL_MACHINE\SOFTWARE\ViewSonic\vBoard (Whiteboard for Windows) |
| − | | |
| − | | |
| − | Services: The following are uses of cryptography:
| |
| − | | |
| − | * Hashing Algorithms: SHA25
| |
| − | * Public-Key Algorithms: RSA-204
| |
| − | * SSL Schemes: TLS 1.2
| |
| | | | |
| | + | * Services: |
| | + | : The following are used for cryptography: |
| | + | :・Hashing Algorithms: SHA256 |
| | + | :・Public-Key Algorithms: RSA-2048 |
| | + | :・SSL Schemes: TLS 1.2 |
| | | | |
| − | The following is a list of all known third party components used in this product:
| + | ==Resiliency of myViewBoard== |
| | + | myViewBoard not only considers the confidential aspect of the service provided, but also concerns about the availability of the service provided. In myViewBoard, all our infrastructure is running under N+1 design. To ensure we provide the services running in smooth and high availability mode, our infrastructure vendors are basically running in 99.999% availability. |
| | | | |
| − | * WebRTC
| |
| − | * mqtt
| |
| − | :- MQTT 3.1 and 3.1.1 compliant
| |
| − | :- QoS 0 and QoS 1
| |
| | ---- | | ---- |
| | {{ent:Get_more_information}} | | {{ent:Get_more_information}} |