Articles on: Eclipse Net Cloud

Security practices overview

Security is our top priority. We provide end-to-end security with multiple layers of protection at each step.

Please visit this pagelink to look for answers to common security questions.

Security is of paramount importance at Eclipse Net. We have implemented a robust multi-layered security approach to safeguard all aspects of our services. Here's an overview of our security measures:

Device-Side Security:
- Our Plug and Play Push module eliminates the need to expose Edge Devices to the public internet.
- In cases where direct access to Edge Device WebUI is required for troubleshooting, we offer a secure, temporary proxy connection option.
- Additional security options include strong password auto-generation, blocking inbound connections, and more.

Cloud Security:
- Security is a fundamental aspect of our Cloud infrastructure.
- Data is encrypted both at rest and in transit in every AWS service we use.
- We maintain comprehensive trail logs, application logs, metrics, and alerts that can be provided upon request.
- Continuous monitoring for malicious activity and unauthorized behavior is conducted using AWS services like GuardDuty.
- We leverage AWS serverless architecture to eliminate concerns about server maintenance and security.
- Long-lasting tasks are executed within a containerized, virtual private cloud environment.
- For added security, we offer a GovCloud option for the public sector.

End-User Security:
- We prioritize end-user security with features such as 2-Factor Authentication (2FA).
- The HTTPS protocol is mandatory across our platform.
- Our native user interface (UI) is designed without any add-ons or plugins.
- We maintain a single code base for both web UI and mobile apps to reduce the attack surface.

These layers of security ensure that all data is protected and handled in accordance with industry best practices.

Amazon AWS Security Layer:
- We rely on Amazon AWS for robust cloud infrastructure.
- AWS services such as Security, Identity, and Compliance, AWS WAF (Web Application Firewall), and AWS Certificate Manager are utilized.
- AWS GuardDuty continuously monitors and detects malicious activity.
- Sensitive data is securely stored using AWS SecretManager.
- Identity management, policy, and roles are managed through AWS IAM (Identity and Access Management).
- Services are isolated based on Docker containers, and machines are located in Virtual Private Clouds (VPCs).
- Access to AWS resources for containers is controlled through IAM policies.
- RDS (Relational Database Service) access is governed by IAM policies.
- MFA (Multi-Factor Authentication) is required for all accounts.
- Logs are stored in AWS CloudWatch, and alerts are generated based on metrics.
- AWS S3 provides exceptional data durability with unique MD5 signatures.
- Servers are regularly updated with the latest AMIs (Amazon Machine Images).
- Security hotfixes are applied via System Services Manager (SSM) updates.
- Serverless architecture always uses the latest fully patched OS versions.

Software Development Layer:
- Our software development practices prioritize security.
- We follow mandatory policies to adopt new framework versions.
- The latest updated libraries are used during the build process.
- Industry best practices are adhered to during development, including standard libraries and approaches for encryption, authentication, and authorization.
- We perform rigorous Code Inspection, Security Tests, and Load Tests for every new version build.
- The end-user UI for web and mobile is thoroughly checked for common attack vectors.
- All communication is encrypted over SSL (Secure Sockets Layer).
- We offer a pure HTML5 UI without any plugins, ActiveX, or additional add-ons.

P&P Technology Layer (Push and Play):
- Our Edge Devices are secured through our Eclipse Net Push module, designed to be both secure and network-friendly.
- The Push module initiates an outbound 443 TCP connection to the cloud, requiring firewall blocking of all Outbound HTTPS traffic to interrupt it.
- No public IP or ports need to be exposed for accessing and streaming Edge Devices.
- Edge device firmware remains untouched to avoid introducing security vulnerabilities; the Eclipse Net Push module is installed as an add-on.
- Our Auto-updater in the Eclipse Net Push module facilitates remote centralized updates without onsite visits.
- We offer a push Proxy server to generate temporary URLs for cloud-based maintenance and troubleshooting access to Edge Device Web UI.
- Some camera manufacturers offer options to prevent removal of the Eclipse Net Push module, even in cases of firmware changes or unauthorized tampering.
- Full access logs are stored in AWS CloudWatch.

For more detailed security information, please visit our security page to find answers to common security questions.

Updated on: 09/26/2023

Was this article helpful?

Share your feedback


Thank you!