About Security
Resa Application Service Provider (RASP) is served by Resa Secure
Web Server (RSWS). Note: this website (www.resacorp.com) is powered
by IIS (NT Platform) because it does not contain any applications -
it is just an informative site.
Our RASP site, however, is a completely different ballgame! Do not
take our word for it. Put RASP to the test with some very simple,
though powerful experiments (test1, test2).
We believe that Security is absolutely essential
for any Application Service Provider (ASP) to be trustworthy and
hence successful.
There are several reasons why RSWS and RASP are secure:

No risk of downloading harmful programs.
RASP does not require you (i.e. the end-user) to download ANY
code or logic other than 100% pure HTML. This means that no Java
code, ActiveX component, or any scripting code is downloaded, or
used on your computer to operate any functions that are
contained in an application. Even if you set all of your
Browser's security settings to their highest level, you will
still be able to work with RASP. As a consequence, there is
absolutely no risk of virus, worm, or Trojan horse infections.

Up-to-date security of the servers.
Because RASP does not require you to install any program on your
computer, all software updates and maintenance are done by Resa
Corporation at the various server sites. You will always have
the most recent version of all RASP applications at your
disposal (this, of course, includes security software such as
firewalls, RASP application security features, and the
Server Operating System).

The end of the piracy age.
Third-party developers of RASP software can cheaply deploy and
distribute their software worldwide without bearing the risks of
software piracy. Moreover, flexible, tailor-made licensing
schemes can be set up such that customers pay for the
"right to use software", rather than for each computer
or user. In the end, everyone benefits from a transparent
payment scheme: the producer does not lose money on fraud, the
customer only pays for what he is really using.

No Cookies.
RASP never saves Cookies on your computer (not even
temporarily). All information about the user's profile,
analysis, and data is stored on the server. Your personal
information is stored in a server-side database that CANNOT be
directly accessed through the Internet. This information can
only be used by the Server Software Applications in order to
provide you with a "personalized" service. The
Applications can never transmit your data to any other program
or process.

Solid as Fort Knox.
Because all data is stored on our servers, you will not have to
worry about back-up procedures. Resa Corporation guarantees that
the data that is uploaded and maintained by genuine RASP
licensees will be stored, backed up, and (if necessary)
restored to our web server machines. Resa Corporation guarantees
that your (corporate) data is available 24 hours a day, and 365
days a year (though we cannot be held responsible in the case
that Internet connections are not available). Corporate
licensees may be served by separate powerful (secured) server
machines.

Secure Gates through thick walls.
Corporate clients usually have some sort of security software
such as 'firewalls' installed on their LAN, just as the Resa
computer labs are protected by and hidden behind a variety of
walls, restricting incoming or outgoing access. For this reason
RSWS was designed as a web server and a tunnel server. The
tunnel allows you secure passage through any kind of security
wall that may have been installed. The tunnelling mechanism can
be extended indefinitely allowing secure data transmission
through the World Wide Web, and through any firewall.

Speak any language.
It does not matter what kind of data encryption you prefer. All
communication traveling through the RSWS tunnel can be
en/decrypted by whatever methodology you desire: RSWS allows you
to integrate any (D)COM-enabled data encryption component for
encryption purposes. This is only needed if you do not wish to use
our standard encryption methods (including, but not limited to:
3DES, RC4, OTP, RSA, etc.).

Distributed Computing.
Denial of Service attacks may knock down one, two, or even
several open-access tunnel servers, but the real networks that
are hidden behind them are always left intact! Also, the more
tunnel servers we install the more secure we are. As a security
precaution, we have set up several independent tunnel servers
that are available to our corporate customers. In the case of an
attack, customers may simply switch (or be redirected to)
another server. The addresses and locations of these servers may
change at any time and are only known by Resa Corporation.

What you own is what you see.
RSWS does not allow a user to view any data, reports, or
analyses (not even temporarily stored html code) of any other
user, unless he is explicitly allowed to do so. It does not
matter how many users are connected and working simultaneously:
every command the user fires at the server must be authenticated
and verified.

Smile! You are filmed!
Every user action, every computation on behalf of a user, every
down- or upload, and every error is time-stamped, identified,
and recorded. This allows us to trace illegal practices (such as
attempts to break into the computer system) and enforce the Resa
End User License Agreement. Our clients do not have to worry
about anyone observing or manipulating corporate data without
leaving a trace.

Trust Administrators.
RSWS does not allow ANY user to view ANY content of the server
machine that was not explicitly set for viewing by the RSW
Server administrator. More importantly, our administrators can
never manipulate sensitive data on their own: it takes a group
of administrators (of different hierarchy) to manipulate core
programs, data, or parameters.

Safe Content.
Resa Corporation is rated with RASC. In this way we help to protect
children while protecting free speech on the Internet (see www.icra.org).

Outstanding technology.
All RASP Server Component Applications are developed with
Distributed COM (DCOM) technology. This enables us to install
and deploy all Distributed Server Components at our server sites
(Windows NT LANs). Through the use of the DCOM technology,
server-side security features at the component level are
ensured. This is just one of several defence barriers to be
tackled in order to get to the core data and software.

Even better technology.
Resa Corporation develops all of its Server Components with
additional security features at the object level. This includes
(but is not limited to): encrypted storage of data on our
servers, assignment of access-rights for each individual user or
group of users, expiration dates, encryption with variable keys,
tunneling monitoring, DCOM logging, database-independent (ADO)
security features, etc.

There are still some security features to be developed and/or
implemented:
Secure Socket Layer (SSL) communication between the client browser
and RSW. This feature will be operational in the near future, when
the Resa Server Certificate has been thoroughly tested.
Even better protection against Denial of Service Attacks.