Security features of Nebula
The Nebula environment provides a wide array of features for users: professional technical support, centrally managed file backup and email services, and software testing and updates are among them.
Sometimes overlooked in this mix is security. The Nebula environment is carefully secured at the network and desktop levels, to ensure confidentiality and stability. This page outlines the security measures taken by Nebula system engineers.
The entire Nebula environment is comprised of Gold systems and Bronze systems, running either Windows 2000 or Windows XP as the operating system, both of which use 128-bit SSL encryption.
Security measures for all users include the following:
- Files stored on file servers are scanned on a monthly basis for known viruses.
- Domain controllers are replicated at two sites, and are located in machine rooms with limited physical access.
- Operating system upgrades and phaseouts are planned and enforced, to ensure the entire system isn't weakened by out-of-date software.
- All incoming email is scanned for known viruses.
- An account lockout policy is enabled to detect and prevent attempts at guessing passwords.
Security measures for all Nebula systems include the following:
- Virus updates are distributed at least weekly, and more often if needed, via a central distribution.
- Desktop PCs receive critical security patches and hot fixes daily as needed, via a central distribution.
- There is no access to the machine until a user logs in.
- Windows systems use Kerberos login encryption.
- Hardened security settings are applied to all PCs.
Security measures limited to Nebula Gold systems include the following:
- All terminal sessions to remote hosts use SSH encryption.
- Supported email software is configured to use SSL encryption.
- Operating system and web browser updates are applied via a central distribution.
- Client PC systems are not allowed to act as servers.
- The supported web browsers use 128-bit SSL encryption.
- All supported software is reviewed by engineers before installation.
- All PCs are scanned daily for suspicious network port usage.
- Outdated software is phased out and prevented using centrally administered removal techniques.
- All systems are automatically configured with TCP/IP filters, to limit access to certain network ports.
- Users don't have full rights to change any file on the PC, including system files. This is a centrally enforced system policy, designed to prevent accidental user mistakes as well as potential trojan horse programs that run without user knowledge.
- Only authorized Nebula accounts are able to log in on a given PC.
