Security Overview
Cybersecurity is the field dedicated to protecting systems, networks, and data from digital attacks, damage, or unauthorized access. This page gives a broad overview of the key concepts and components involved in protecting the IRIS+™ CM application and system.

## IRIS+™ CM Endpoints

Secured endpoints
- All endpoint communication is based on HTTPS / WSS, with certificates issued by a well-known CA (Let's Encrypt).

Data encryption
- Data transferred to and from the IRIS+™ Core is encrypted with TLS 1.3.

Password security
- IRIS+™ CM uses SHA-256 to generate hash keys.
- Caveat: SHA-256 on its own is a fast, general-purpose hash. The page does not say whether the stored password hashes are salted and iterated, which is what makes them resistant to offline guessing; NIST SP 800-63B calls for a salted, iterated key-derivation function (for example PBKDF2 or a memory-hard function such as Balloon or Argon2) for stored passwords.

Data validation
- Input data is parsed into well-known structured types.
- Input data is validated to prevent injection attacks.

## IRIS+™ CM Cluster Security

Isolated containers
- Each service in the system is packaged as an isolated container image hosted by the orchestrator (Kubernetes).

Namespaces
- Services in the cluster run as pods in separate namespaces, following a multi-tier application architecture:
  1. App: all stateless services, processing data in memory.
  2. Data: all stateful services holding data (database, messaging, streaming).
- Kubernetes provides internal DNS and firewall rules (network policies, enforced by the cluster's network plugin) to restrict communication across namespaces.

Node tagging
- Nodes are tagged (labelled) according to the logical namespace, so that the pods of a namespace are scheduled only onto the nodes assigned to it.

## IRIS+™ CM Application Security

Authentication
- Every IRIS+™ user is authenticated with an email address and password.
- Users can enable a TOTP-based second factor.
- Password requirements follow the NIST password guidelines and practices, with a minimum password length of 8 characters.
- Authentication checks for similarity between the email address and the password, to prevent easy-to-crack passwords.

Authorization (RBAC)
- User access and roles are restricted to the user's own account and data, to prevent unauthorized data access.

Access restriction
- Authentication cookies are used to access IRIS+ via the browser.
- Access tokens are generated and used for communication with the Core.
- API keys and access tokens are used by service accounts that operate
with the IRIS+ ecosystem.

Session timeout
- Portal browser sessions (identified by their authentication cookie) are limited to 20 minutes of idle time.
- If the user operates under an operator role, the session is additionally limited to a maximum lifetime of 24 hours, regardless of idle time.

Audit log
- Every user and service-account action is logged in the audit log and retained for 60 days.

## IRIS+™ CM Edge Security

Isolated containers
- Each service running on the edge is packaged as an isolated container image hosted by the orchestrator (Kubernetes) or by the Docker CE engine.

Host machine hardening
- The host OS runs the minimal set of daemons required to run Kubernetes or Docker CE.
- Access to the network configuration page is protected by the edge credentials.
- Access to the device configuration page is protected by the credentials of the registered IRIS+™ user.

For more information, please contact Irisity customer support by submitting a support ticket or by reaching out to our services support team at support@irisity.com.
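The namespace isolation and node tagging described under IRIS+™ CM Cluster Security, written out as Kubernetes manifests. This is an added illustration, not Irisity's own configuration: the namespace names `app` and `data` are the page's two tiers, while the pod label `app: postgres`, the `postgres:16` image, port 5432 and the `tier=data` node label are assumptions chosen for the example. The first policy denies all ingress into the `data` namespace; the second re-opens only the database port, and only to pods in the `app` namespace; the StatefulSet pins the stateful workload to nodes tagged for the data tier.

```yaml
# Added example (not Irisity's manifests). Namespace names follow the page;
# labels, image and port are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: data
spec:
  podSelector: {}          # every pod in the data namespace
  policyTypes: ["Ingress"] # no ingress rules listed, so all ingress is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app-to-db
  namespace: data
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # set automatically on every namespace since Kubernetes 1.22
              kubernetes.io/metadata.name: app
      ports:
        - protocol: TCP
          port: 5432
---
# Node tagging: label the nodes first, e.g.  kubectl label node <node> tier=data
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
  namespace: data
spec:
  serviceName: postgres
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      nodeSelector:
        tier: data           # only nodes tagged for the data tier
      containers:
        - name: postgres
          image: postgres:16
          ports:
            - containerPort: 5432
```

Two checks worth making on a real cluster: NetworkPolicy objects are only enforced when the CNI plugin implements them (Calico, Cilium and similar do; a cluster whose network plugin does not will accept the manifests and silently allow all traffic), and a default-deny on ingress alone leaves egress from the `app` namespace unrestricted, so an equivalent egress policy is needed if the intent is to block lateral movement out of the application tier.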