What type of virus security is included in the PrinterOn global cloud servers? - c06330148
Outbound access is required on ports 443, 631 and 80; all connections are outbound.
Documents pass through the system via SSL connections and are delivered to the JQE. They are not retained in the cloud. (Documents will remain in that cloud for seventy-two hours if not downloaded, after which they clear.) The library can set how often PDS checks for jobs to download; each minute, for example, is common. MPS uses an application installed on the JQE to make an OUTBOUND connection via SSL to the cloud. Generally speaking, outbound connections via SSL do not require the opening of any customer firewall ports. As long as the JQE can access the Internet, there should be no added network requirements for the customer. Since the JQE initiates the connection and uses SSL, there is a single connection to the cloud service and no connection between the Library Wi-Fi network and the Library LAN. All data is encrypted.
Standard ports:
- 631 - checks for available print jobs on MPS servers
- 443 - used within the Remote Listener
- 80 (if IIS is on the same machine as the JQE this may need changing)
- Patrons can use the cell network for phones and tablets. Patrons using the Library’s Wi-Fi are making a connection to the Internet and not the JQE.
Encryption
Print jobs are encrypted using a randomly generated 128-bit AES key unique to each print job. This AES key is subsequently encrypted using an RSA keypair with a 2048-bit private key and a 1024-bit public key to protect the data encryption key. Web-browser jobs use a 128-bit SSL connection and smart phone jobs use a 128-bit TLS connection. Print jobs are rendered into high print data, then encrypted and compressed before transfer to the print delivery hub in the secure data centre. Print data is downloaded to the print release software (PDS and LPT:One) using a 128-bit SSL connection. The data is decrypted and compressed before sending.
Data Centre
The Hosted Server runs on infrastructure in facilities owned and operated by our partner in Canada/US. The servers are clustered and have UPS systems. They are monitored 24 hours/day and are only accessible by secure ID card, and access is limited to those partner employees required to maintain and monitor the service. Products and services from McAfee and VeriSign are utilised, including enterprise class anti-virus software, security monitoring software and auditing services software. These tools are used to ensure that the system is consciously and proactively addressing all current and future potential security threats.
We can only support certain file formats due to being a printing service, so things like .exe and .msi are not accepted. We do not allow macros within Microsoft Excel and Word documents either, which are a common method of delivering viruses.
All the Office products are configured with macros disabled. Adobe Flash and Oracle JRE are not installed on PAS servers. The Internet browser is set to NOT run scripts and ActiveX is disabled. Mail servers are configured to use SpamAssassin and ClamAV to scan each message as it comes in via email. PAS servers are scanned using McAfee. Each PAS server has a unique password for each account.
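The format restriction above, as an added illustration (not PrinterOn's code): a Python screening function that rejects a submitted file by extension and then by content, since a renamed executable or a .docx carrying a VBA project passes an extension-only check. The function names, the extension sets and the choice to refuse every OLE2 container are assumptions of this sketch.

```python
import io
import os
import zipfile

# Assumed policy for illustration; the page names only .exe, .msi and Office macros.
BLOCKED_EXTENSIONS = {".exe", ".msi"}
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm"}
PE_MAGIC = b"MZ"                                 # Windows executable header
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # MSI and legacy .doc/.xls container


def screen_upload(filename, data):
    """Return (accepted, reason) for one submitted print job."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return False, "blocked extension"
    if ext in MACRO_EXTENSIONS:
        return False, "macro-enabled Office format"
    # Content checks: a renamed file keeps its magic bytes.
    if data[:2] == PE_MAGIC:
        return False, "Windows executable content"
    if data[:8] == OLE2_MAGIC:
        # Assumption: this sketch refuses all OLE2 input, which also refuses
        # legacy .doc/.xls; a production filter would parse the container.
        return False, "OLE2 container (MSI or legacy Office)"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # OOXML stores VBA code in a part named vbaProject.bin.
                if member.lower().endswith("vbaproject.bin"):
                    return False, "VBA macro project in OOXML"
    return True, "accepted"


def make_sample_ooxml(with_macro):
    """Constructed sample: a minimal zip with OOXML-style member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(screen_upload("report.docx", make_sample_ooxml(True)))
    print(screen_upload("report.docx", make_sample_ooxml(False)))
```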