Submitted by admin on Wed, 12/14/2016 - 21:11

Skyfly Video have developed a secure and safe client portal in order to manage our clients' footage and data captured by our aerial systems. Our client portal is a secure application built within the Drupal 8 framework and hosted on a Dedicated CentOS server with Rackspace UK.

                                             

The portal is secure and password protected in order to prevent any issues with our clients' IP (intellectual property). You can be sure that your data is now backed up and secure.

On our client portal, the client is able to view the footage of their project and comment on the videos and photos to make amendments.

The client is also able to view and edit 3D and 2D mapping data. The data can also be annotated and commented on.

Security of our portal is two-tier, covering both the application layer and the server layer. Within the application we strictly adhere to security best practices to prevent vulnerabilities, unauthorised access and SQL injection. Private files are locked down outside of the application root and only accessible by the web server. Portal application access is provided via two-factor authentication, and sensitive data (login credentials) are processed with AJAX rather than POST. However, we still implement the HTTPS protocol throughout our client portal.

Drupal is intensively monitored and maintained by a vast community, meaning any security vulnerabilities that are identified are quickly patched and released. We ensure that all security updates are implemented immediately upon release and only from the trusted Drupal code repository. The level of monitoring & support along with the speed of patches makes Drupal one of the most secure web applications available.

Within Drupal we implement trusted host patterns, where we specify a set of regular expressions that the domains on incoming requests must match. This ensures protection against spoofing of the HTTP Host header.
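
How anchoring affects trusted host patterns, as an added example that is not part of the original page or Skyfly's configuration. The hostnames are placeholders, and `host_is_trusted()` is a hypothetical helper that approximates the matching (pattern wrapped in delimiters, case-insensitive) rather than Drupal's own code.

```php
<?php
// Added example: hostnames are placeholders, not the portal's real domains.

// Weak: unanchored and unescaped, so it matches any Host value that merely
// contains something resembling the domain.
$weak = ['portal.example.com'];

// Corrected, in the form used in Drupal 8's settings.php: dots escaped and
// each pattern anchored with ^ and $.
$settings['trusted_host_patterns'] = [
  '^portal\.example\.com$',
  '^.+\.portal\.example\.com$',
];

/**
 * Hypothetical helper approximating how the patterns are applied: each one
 * is wrapped in delimiters and matched case-insensitively against the Host
 * header with any port stripped (assumption: IPv6 literals are out of scope).
 */
function host_is_trusted(string $hostHeader, array $patterns): bool {
  $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
  foreach ($patterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return TRUE;
    }
  }
  return FALSE;
}

// Constructed Host header values.
$samples = [
  'portal.example.com',
  'PORTAL.example.com:443',
  'media.portal.example.com',
  'portal.example.com.attacker.test',
  'portalXexample.com',
];

foreach ($samples as $host) {
  printf("%-36s weak=%-3s anchored=%s\n", $host,
    host_is_trusted($host, $weak) ? 'yes' : 'no',
    host_is_trusted($host, $settings['trusted_host_patterns']) ? 'yes' : 'no');
}
```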

We use a number of other security practices at the application layer, including file permission management, database prefixing, HTTP security headers and the implementation of a number of security packages that assess and monitor security issues with the application.

This is managed in conjunction with server security, where our dedicated server is housed with Rackspace UK. Rackspace are recognised as the leader in managed infrastructure, monitoring and support. The dedicated server specification is as follows:

·         Intel® Core™ i7-2600 Quadcore incl. Hyper-Threading Technology

·         DELL PowerEdge R710 Linux

·         128GB DDR4 RAM

·         Single Socket Quad Core Intel Xeon L5520 2.26GHz

·         2 Processors

·         1TB SAS 15K RPM Drive

·         Backup Space 100 GB (Sequential Backups)

·         Unlimited bandwidth (web traffic)

·         Network Availability SLA: 100%

The server sits behind a Dedicated Cisco ASA firewall and both are monitored 24/7, with infrastructure fully managed by Rackspace UK, including hardware, OS patching and backups. Server backups are taken once every 24 hours with a 14-day history. Backups not only include the application but the whole server blueprint. Only vital ports (e.g. HTTP/S) are opened; all other ports are locked down at the firewall, preventing possible security breaches. Application code is only deployed to the web server via SSH key authenticated code repositories. No other server access is available via FTP, SFTP or SSH.

 

For further enhanced authentication security at the application layer, we can implement secure network SSO (single sign-on) via Microsoft Active Directory, with a VPN two-factor fallback through Deepnet DualShield.

 

The server SLA also includes dedicated intrusion detection, server compromise checks and service auditing.