Action Plan System Security
Michał, Sysadmin
—
3/30/2023
For companies and institutions that have decided to implement it, the Action Plan System (also branded as Action Audit) is an important tool which streamlines the flow of information and stores archival data reflecting the state of the organization over time. Every day, our customers use the System to enter important information, upload accompanying attachments and report what needs to be improved in the organization.
If this type of data falls into the wrong hands, it can seriously harm a given enterprise or institution. Ruby Logic continuously implements commonly used security best practices to keep our customers' data available to them - and only them.
This entry describes the security aspects of the Action Plan System in the context of our customers using the instance available at https://app.plandzialan.pl/ or https://app.action-audit.com/ (for customers using other subdomains, we prepare individual configurations that may differ from the following, depending on the implementation).
Protection against unauthorized access
- The System can be accessed only via an HTTPS connection (from an Internet browser or the Pulse Application) - and only through the address agreed with the client. The Action Plan System does not expose additional ports or other, less secure access options - which radically reduces the potential attack surface.
- The HTTPS connection is terminated on the Cloudflare Load Balancer, which establishes a secure connection with the application servers. Direct connection to the application servers from the Internet is completely blocked and their IP addresses are not made public. The Load Balancer has built-in protection against threats - it detects automated software probing for potential security holes and enforces a task confirming that the connection is made by a human (CAPTCHA) - or simply blocks access from selected IP addresses.
- The Action Plan System stores the attachments uploaded by the users in an object storage service, placing a UUID value in the path, which significantly reduces the likelihood of a brute-force attack targeting attachment access.
- By default, the user logs in to the System using a login/email address and password, but it is also possible to authenticate with a Google or LinkedIn account, thanks to the implementation of the OAuth2 protocol. The ReCaptcha module has also been integrated into the login form, which, if Google detects suspicious traffic, will not allow the login to proceed until the CAPTCHA task is completed.
- The System enforces a specific password complexity policy - at least eight characters long, with at least one upper case letter, at least one lower case letter, a number and a special character.
- The System supports two-factor login using any 2FA provider used by the client. Two-factor login can be enforced at the organization level.
- Each Customer's data is placed in a separate area of the Database, to which the User gains access after successful authentication.
- The IDs of the objects in the Action Plan System coincide between the Database spaces, so if a User learns the ID of another Client's Action Plan and tries to open it on their account, they will only see the Action Plan with the same ID in their own Database space, or a message that no such resource exists.
- Access to the application servers is possible only from the Cloudflare Load Balancer and the Internal Network.
- Application servers run on the current version of a stable Linux distribution.
- Limited access to the Action Plan System application servers via the Internal Network is granted to developers actively working on the System, for troubleshooting purposes. Only the CEO of Ruby Logic Poland and the Administrator have full access to the application servers.
- All other access to the application servers is blocked by firewalls: the service provider's and the Internal Network's.
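The per-customer scoping described in the two points about Database spaces and coinciding IDs, as an added Ruby example that is not the System's own code; the in-memory store, struct names, record ids and customer names are constructed stand-ins, and the unscoped lookup is shown only for contrast.

```ruby
require 'securerandom'

# Constructed stand-in for "a separate area of the Database" per customer.
# Each customer space has its own Action Plan table, so record ids coincide
# across spaces (both spaces below contain an Action Plan with id 1).
ActionPlan = Struct.new(:id, :title)
User = Struct.new(:email, :customer_space)

STORE = {
  "acme"   => { 1 => ActionPlan.new(1, "Reduce scrap rate"),
                2 => ActionPlan.new(2, "Audit supplier X") },
  "globex" => { 1 => ActionPlan.new(1, "Forklift training") }
}

# Correct lookup: anchor in the authenticated user's customer space first,
# then by id. A borrowed id from another space resolves to the caller's own
# record with that id, or to nil (rendered as "no such resource").
def find_action_plan(user, id)
  space = STORE[user.customer_space]
  return nil unless space
  space[id]
end

# Vulnerable alternative, for contrast only: searching every space by id
# hands out another customer's record. This is the pattern the scoping above
# is there to prevent.
def find_action_plan_unscoped(id)
  STORE.each_value { |space| return space[id] if space.key?(id) }
  nil
end

# Attachment object keys carry a random UUID, so even though record ids are
# small integers, the storage path of an attachment cannot be enumerated.
def attachment_key(customer_space, filename)
  "#{customer_space}/#{SecureRandom.uuid}/#{filename}"
end
```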
Data loss protection
- All text data entered by System Users is stored in the Database, on the Database Server, which is automatically backed up twice a day.
- Database backups are written to storage in two different geographical locations.
- All file data uploaded by Users (photos, documents) is stored in the object storage service of a leading provider.
- The application servers work in a cluster - connections are distributed optimally across servers by the Load Balancer.
- Each feature introduced to the System is subject to code quality review, automated tests and then rigorous manual tests.
As a well-known saying in the industry goes - the safest system is the one that is unplugged. No system is completely secure and immune to all possible threats. The decisions we have made and the actions we take regularly in the context of security protect access to the key data of our current customers and respond to the requirements of organizations that are in the process of deciding whether to start using the System.
We wish you the safe use of the Action Plan ecosystem.