SECURITY

2020-04-17T10:55:45+00:00

Cybersecurity is important because it encompasses everything that pertains to protecting sensitive data, personally identifiable information, intellectual property, and governmental information systems from theft and damage attempted by criminals and adversaries. Compass hardware, software and best practices are engineered to mitigate risks during the design, development, testing and implementation of our smart city initiatives:

RESTRICT PHYSICAL ACCESS

First and foremost, restriction of physical access is the most important component of cybersecurity. If an unauthorized person has physical access to a network device, they can reset the device to a default state with known (published) configuration parameters. An unauthorized person with physical access to a network device can also use a “network sniffer” to identify and access other devices resident on the local area network. For devices that have interfaces but are not network devices (such as RS485), physical restriction is most important because traffic on these devices is not encrypted.

RESTRICT NETWORK TRAFFIC

GovComm examines the network topology to assess every way network and other devices can be accessed, and the direction of traffic (in, out and bi-directional). To prevent unauthorized inbound and outbound access, we implement rules on global routers and firewalls that explicitly allow only necessary network traffic and deny everything else. Software firewalls are installed on edge devices to prevent “man-in-the-middle” and “phone-home” attacks.

AUTHENTICATION, AUTHORIZATION AND ACCOUNTING (AAA)

After physical barriers and network restrictions are established, authentication, authorization and accounting (AAA) is configured to intelligently control access to network resources, enforce policies, audit usage, and provide the information necessary to monitor and maintain the platform. From the end points, across the network, to the head-end system and extending to the back-office software, these combined processes are considered critical for effective network management and security.

Authentication provides a way of identifying a user, typically by having the user enter a valid username and password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. Compass compares a user’s authentication credentials against the user credentials stored in our database. If the credentials match, the user is granted access to the network. If there is a credential discrepancy, authentication fails, and network access is denied. Authentication prevents an unauthorized user from gaining network access even if they somehow gained physical access. Authentication also creates personal accountability by identifying each user so their activity can be tied to their identity.

Following authentication, a user must gain authorization to perform certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what level of access, activities, resources, or services a user is permitted. Compass authorization occurs within the context of the user’s authentication. Once Compass authenticates a user, the types of access and activities defined in that user’s authorization are permitted.

The final plank in the AAA framework is accounting, which measures the user’s activity during access. Compass creates an audit trail for every keystroke of every user through logging of session usage and statistics.

WIRELESS COMMUNICATIONS

For devices utilizing wireless communication technologies, Compass assesses security of each endpoint and gateway device to determine and address vulnerabilities. Theoretically, an unauthorized user can “listen” to a radio frequency (like being physically on a local area network) with a receiver and “sniffer” to obtain username and password credentials. If a person gains unauthorized access to a Compass wireless network, Compass’s enhanced 256-bit communication encryption technology (AES-256) protects our data and keeps it hidden from and inaccessible to unauthorized users.

ENCRYPTION TECHNOLOGY, SECURE SOCKETS LAYER (SSL) & FIREWALLS

Compass is designed and built from the ground up to provide end-to-end protection. We maintain data integrity through secure transmission and storage of data utilizing 256-bit communication encryption technology (AES-256), and we equip our cloud servers with SSL certificates and TLS 1.2 or better encryption. We also implement software and hardware firewalls that allow necessary traffic and explicitly reject all other traffic.

SECURE CLOUD HOSTING

Service continuity is ensured through redundancy and resiliency provided by Amazon Web Services (AWS). AWS provides security for us on our global infrastructure, networking and on the operating system level, including operating system upgrades and vulnerabilities. AWS tracks originating IP addresses, provides secure identity and access management for users and groups of users, and validates that GovComm policies allow and deny access to resources as intended. AWS is ISO 27000 certified, which means AWS complies with information security standards in information technology, security techniques and information security management systems published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

BEST PRACTICES

Through implementation of best practices, including restriction of physical access to the network and AAA, Compass cybersecurity initiatives will continue to eliminate unauthorized access, keep data secure, protect transactions from unauthorized changes and ensure there is never transmission interference.

TELEPHONE

305-937-2000
