The security and privacy of information is a major concern for many organizations. The foremost concern among document imaging customers is often the assurance that critical corporate data will remain safe and secure and that a plan exists for reliable disaster recovery should an unexpected event occur.
At Sobtec we understand the need for robust security and disaster protection, and we therefore adhere to a strict methodology for security and disaster readiness that is both straightforward and comprehensive.
It is the intent of this document to detail the security and disaster readiness provided by Sobtec, Inc. for its Fort Dox document imaging service. More specifically, the white paper covers the following critical areas in detail.
Staff
Building Security
Software Security
Data Center Operations
System Architecture
Staff
All Fort Dox imaging staff must pass a thorough interview process and background check. Imaging staff are always supervised and no one is hired unless they have a minimum of a year of experience in scanning / data entry. All file preparation, scanning, and indexing processes are subject to various quality control steps to assure imaging quality and accuracy.
Building Security
The Fort Dox scanning bureau is located in a locked warehouse / office facility. Files are kept at the facility for 30 days post scan. The facility is locked, under alarm, and protected via a 3rd party security company. After 30 days, the files are professionally shredded on premises and under supervision.
Software Security
In order to ensure the integrity of documents entrusted to us, Sobtec has incorporated a comprehensive security strategy for its Fort Dox document management software. This strategy encompasses three major areas: application security, network security, and physical security.
Additional security measures will be implemented as needed as part of our ongoing commitment to customer service.
Application Layer
Authentication: Fort Dox users are provisioned via an account administrator. In order to access Fort Dox, users must have the required username and password. Various criteria can be entered to customize the account security scheme to meet the needs of any organization.
Permission Sets: Fort Dox utilizes Access Control Lists (ACLs) to allow for global administration of document security. These permission sets are configured by an administrator and allow for access rights to be applied at the document type / category and user level.
Encryption: Any documents scanned, imported, or accessed from Fort Dox are encrypted using 128-bit SSL encryption.
Network Layer
Firewall: All traffic to and from Fort Dox is monitored via a Unix-based firewall. This firewall software provides packet filtering, network address translation (NAT), and intrusion detection. A real-time traffic analysis is performed on all incoming packets and the results are logged. The firewall is configured to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts.
Physical Layer
See the Data Center Operations section below for details.
Data Center Operations
The Fort Dox Data Center is located at Cogent’s premier Florida facility and backed up to Cogent’s Virginia hosting center. Cogent is headquartered in Washington, D.C. Cogent is a multinational Tier 1 Internet service provider ranked as the largest Ethernet Service Provider in the United States by Ovum-RHK and consistently ranked as one of the top five networks in the world.
Cogent guarantees 99.99% network availability, 99.9% packet delivery, less than 50 milliseconds roundtrip latency and proactive outage notification within 15 minutes. Cogent’s 28 data centers are Category 5 rated structures, with armed security, CCTV, secure biometric access, locked cabinets, redundant power, redundant routers, redundant Internet connectivity, and backup generators. All physical and network security and backup processes are tested and updated on a regular basis.
Cogent’s data centers offer the following:
Exterior Structure
• Category 5 rated building
• Single story, poured concrete wall, roof and foundation
Internal Data Center Structure
• Walls: Concrete block, reinforced with steel and poured concrete
• Foundation: Data center-class raised floors over poured concrete
• Data center is centrally located within the exterior structure and shares no exterior walls
Fire Protection
• Fully automated, advanced fire detection and suppression systems
• Multi-zoned (32 zones – 8 zones in each data center quadrant)
• FM-200 gas suppression system
• Dual-Action dry pipe back-up sprinkler system
• Smoke, ion and water detection system
• All systems monitored 24x7 by on-site personnel using SiteScan software
Physical Security
• Perimeter:
  o Roving security officers
  o On-site security guards
• Building Access:
  o Proximity access card and biometric hand scanners
  o Colocation quadrant access is limited to clients and authorized personnel
• Cameras with 24x7 video recording and monitoring are positioned in strategic areas
• Intrusion Detection: Infrared devices in common areas, below floor and above ceilings
Environment
• Liebert HVAC units
• 160 tons – Eight 20 ton units for data center
  o Four chilled water units, 3 DX (air cooled) units, 1 combination unit (chilled water DX)
• Data center temperature and humidity monitored 24x7 with Liebert SiteScan
• Air flow is sub-floor to ceiling
Internet Connectivity
• Two redundant OC12s at 622 Mbps each
• Routing and Switching
  o Two Juniper M20 Series Backbone Routers
  o Two Foundry Networks BigIron Gig E Switches
  o Two Cisco Catalyst 6509 Aggregation Switches
  o Private LAN established for customers
  o Router Redundancy
  o Switch Redundancy
• Connected to the Cogent Global Tier-1 Network
  o High capacity global backbone
  o 24 hour Network Operations Center (NOC)
  o Links to key national and international exchange points: MAE West; MAE East; NY NAP; the Digital Internet Exchange in Palo Alto, CA; AADS and UNX in London
Power
• Electricity
  o Substation on campus
  o 2 separate and diverse paths of entry
  o 2 separate switch rooms
  o Each power feed has A & B BUSS connectivity back to FPL on automated switches
• UPS
  o 2 Liebert 300 KVA UPS systems
  o Liebert 1280 UPS system control unit
  o UPS units convert power to DC and send it to Battery Room for storage
  o From Battery Room, power is converted at the UPS units and sent to the data center
• Power Delivery Units (PDU)
  o Power from UPS is routed to Liebert PDUs located in Data Center
  o Each colocation cabinet receives a dedicated 20 amp circuit with multi receptacle outlets
  o Power to each cabinet/circuit is monitored with SiteScan software
• Generators
  o UPS system is backed up by 500 KW subscription to T-REX generator plant
  o Five 2.0 mega-watt generators
  o Start time: Maximum 45 seconds from power failure
  o 90,000 gallons of fuel on site
  o Approximately ten days of running without refuel
  o Generators are located in Cat 5 structure
  o Tested weekly
  o Full load test performed quarterly
Cabinets (Racks)
• Chatsworth MegaFrame and Rittal PS Series
• Locks: front and back
Cages
• Secure space for large equipment installations
• Quality constructed, heavy-gauge steel frames and grids
System Architecture
The Fort Dox production system was designed to provide maximum availability and reliability. In addition, the system is designed to allow for future extensibility, assuring that our customers benefit from unlimited scalability and performance.
Modularity & Redundancy
The Fort Dox production system consists of a tiered computing infrastructure that interacts as a whole to deliver the document management service. Each tier is designed to provide maximum performance and redundancy while allowing for future extensibility.
The computing tiers that comprise the Fort Dox production system can be grouped into three layers:
Application: This layer runs the Fort Dox web client and ancillary services such as the Fort Dox upload and API server. To assure maximum performance and reliability, the Fort Dox production system consists of a number of load balanced web servers. By never directing a new request to a functional block that is unavailable, the dynamic load balancers improve the fault-tolerance of the Fort Dox production system.
Database: This layer runs the Oracle database and core application logic. This layer is mirrored with a second stand-by database server that is updated in real time with the data contained in the production database server.
Storage: This layer consists of an online dual RAID array that serves as the document repository. The RAID array is configured to be mirrored and hot swappable.
Monitoring
All of the Fort Dox systems are managed using Nagios software that monitors processor load, disk and memory usage, network services (e.g. HTTP, SMTP, etc.), and database and application services. In the event a problem is detected, Nagios is configured to notify a Fort Dox systems engineer via email and mobile phone.
Scalability
The modular, plug and play architecture of the Fort Dox production system allows for additional servers to be added to any of the three computing layers to sustain future growth and performance requirements.
Summary
Fort Dox is prepared and committed to delivering a secure, reliable document management service to its customers and business partners. In order to do this, Sobtec will continue to analyze its security and disaster recovery best practices, and make adjustments to both technology and processes as necessary.