With an ever-watchful eye on the ever-evolving nature of security and the threats to that security the developers of pasPortal have adopted the philosophy that a stronger encryption framework serves our customers better than being able to support the widest array of browsers and devices. To this end several widely accepted security protocols, ciphers, hashes, and key exchanges have been judged as inadequate by our security team and are not available for use in favor of those known to be highly secure. The pasPortal encryption framework adheres to industry best practices as well as those defined by PCI and FIPS 140-2 standards and our encryption framework is constantly reviewed to ensure as industry standards evolve that pasPortal is a leader in early adoption of these changes.
Despite the widespread use of Secure Sockets Layer (SSL) as a protocol for securing web sites, services, and applications it is vulnerable to many security flaws and while it is admittedly difficult to exploit those vulnerabilities it is possible. To that end pasPortal does not support the use of SSL and instead relies upon the more secure Transport Layer Security (TLS) and even then only the latest versions known to not have flaws which cannot be safely mitigated.
We recognize that several well-known and commonly accepted ciphers such as the Rivest Cipher (RC4) cipher suite are also vulnerable to exploits and as such are dependent solely on Advanced Encryption Standard (AES) 256-bit and higher ciphers. We also restrict our hashing technology to Secure Hash Algorithm (SHA) and our key exchange infrastructure to Public Key Cryptography Standards (PKCS).
Encryption is employed throughout the pasPortal architecture to protect both the communication of data on the wire and data at rest.
Communication between browsers and pasPortal web applications and services are initiated over TLS encrypted sessions secured using public key infrastructure components including X.509 certificates. This technique allows for the support of nearly all modern web browsers and operating systems.
Communication between pasPortal and core database servers is also protected using TLS and X.509 certificates and databases servers themselves additionally employ Transparent Data Encryption (TDE) which ensures that data is encrypted at rest within the file system (to include database backups) and in memory.
Copyright © 2023 pasUNITY, Inc.
Send comments on this topic.