خصوصية ديجيتال سيف، المواصفات الفنية والأمان

الخصوصية

إن خدماتنا متوافقة مع المواصفات و المقاييس التالية:

  • قانون إدارة أمن المعلومات الفيدرالي السويسري(FADP),
  • حرية المعلومات وحماية الخصوصوية (FOIPPA),
  • نظام حماية المعلومات الشخصية والوثائق الإلكترونية (PIPEDA),
  • قانون إخضاع التأمين الصحي لقابلية النقل والمحاسـية (HIPPA),
  • إلزام معيار أمن بيانات صناعة بطاقة الدفع (PCI-DSS).
  • لا يوجد اقتحام لقانون الباتريوت الأمريكي!
  • لا يوجد اقتحام ATA!

المواصفات الفنية

دعم النظام

يدعم ديجيتال سيف أي نظام تشغيل وأجهزة الكمبيوتر قادرة على تشغيل أي من المستعرضات التالية:

  • انترنت اكسبلورر 7 أو أحدث
  • فيرفوكس 3 أو أحدث
  • سفاري 4 أو أحدث
  • كروم 4 أو أحدث

أنظمة التشغيل المدعومة تتضمن وليست محدودة بـ(32bit and 64bit):

  • Windows XP
  • Windows Vista
  • Windows 7
  • Mac OS X
  • Linux
  • FreeBSD

البنية التحتية لمركز المعلومات

هيكلة أجهزة معتمدة من قبل PCI-DSS:

  • مراقبة مباشرة من جهات خارجية لجميع الخوادم، أجهزة الشبكات والبيئة.
  • خوادم تطبيقات متكررة مع قدرات كاملة لتجاوز الفشل
  • خوادم قاعدة البيانات متكررة مع قدرات كاملة لتجاوز الفشل.
  • اتصالات الشبكة مع قدرات لتجاوز الفشل
  • وصول المقاييس الحيوية لجميع المرافق
  • كاميرات مع نظام كشف الحركة
  • نظام نسخ احتياطي داخلي وآلي يمكن من الاصلاح السريع في الحدث النادر لفشل ذريع.
  • مرافق لمركز معلومات صديق للبيئة 100% ومشدد
  • (مراجعة خلفية لجميع الموظفين متضمنة الطاقم الاداري)
  • جميع المعلومات مخزنة في المستوى الثالث لمركز المعلومات في سويسرا.
  • مركز المعلومات حاصل على شهادة ISO 9001:2000 ومعتمدة من قبل شركة SGS السويسرية
  • (يتوافق مركز المعلومات مع الارشادات الأمنية الخاصة بالمصارف الفدرالية السويسرية SFB
  • اتفاقية مستوى الخدمة من 99.999%
  • ضمان خصوصية وأمان سويسري كامل!

التشفير

في ديجيتال سيف، تنتقل جميع المعلومات بالإضافة إلى معلومات مصادقة المستخدم عبر الانترنت وتخزن على خوادمنا بشكل مشفر.

جميع اتصالاتنا بخوادمنا، ولجميع المستخدمين، محمية بـ2048 بت بإستخدام التقنية الآمنة SSL.

كلمات المرور

جميع كلمات المرور مشفرة عن طريق خوارزمية بكربت . يتم إغلاق الحساب بعد عدة محاولات فاشلة لتسجيل الدخول و / أوالتخمين الخاطئ لكلمة المرور. التخمين المبني على الوقت ليس ممكنا بسبب طبيعة عمل تشفير بكريبت.

عندما تنتهي الفترة المخصصة لترك الجهاز بدون أي حركة فإنة يتم تحويل نافذة المستعرض إلى صفحة تسجيل الدخول.

الملاحظات

يتم حفظ الملاحظات على جهاز الحاسب المركزي ويتم تشفيرها باستخدام تشفير AES-255 ويتم تخزين مفتاح التشفير على جهاز حاسب منفصل، لا يمكن الوصول إليه عبر الانترنت.

للأمان والخصوصية القصوى، يمكن للمستخدم اختيار استخدام كلمة المرور الخاصة به لتشفير المعلومات. وفي هذه الحالة، لا يمكن فك تشفير معلومات المستخدم الخاصة دون معرفة كلمة المرور. ولا يمكن حتى لموظفي ديجيتال سيف فك تشفير المعلومات.

ولكن هذا يعني أيضا أنه لا يمكن إعادة تعيين كلمة مرور المستخدم ويتم ضياع المعلومات للأبد إن تم ضياع كلمة المرور.

الآمان المادي/ الحقيقي

إن التطبيق للملاحظات عبر الانترنت الآمن في ديجيتال سيف يقوم بتخزين المعلومات في مستودع البيانات الواقعة في سويسرا، وهي مشهورة لمعاييرها الصارمة وإدارة الجودة. لدى ديجيتال سيف البيئة المادية المطلوبة لإبقاء الخوادم قيد التشغيل 24 ساعة و7 أيام الاسبوع حتى في حال حصول انقطاع في الكهرباء وكوارث طبيعية كبيرة.

هذه المرفقات على المستوى العالمي مصممة خصيصا بأرضيات مرتفعة، نظام التدفئة والتهوية والتكييف HVAC وتحتوي على مناطق تكييف منفصلة وحوامل مبنية لمقاومة الزلازل. تقدم مجموعة واسعة من مزايا الأمن المادي، متضمنة تقنية كشف الدخان المتقدمة وأنظمة قمع الحرائق، أدوات استشعار الحركة، وصول آمن 24x7، مراقبة الفيديو وأجهزة إنذار الثغرات الأمنية.

أمان الشبكة

مراقبة الجهات الخارجية لشبكتنا بالموافقة مع معيار أمن بيانات صناعة بطاقة الدفعة الإلكترونية (PCI DSS)، لدينا بنية تحتية على مدار 24 ساعة لفحص نقاط الضعف المعروفة في الخدمات والتطبيق. ولدينا أيضا تدقيق سنوي في الموقع والذي يطول لعدة أيام حيث يتم تدقيق كل جهة من جهات النظام: من تطوير البرامج إلى توزيع الأجهزة، من سياسات الموظفين إلى إدارة كلمات المرور. على ديجيتال سيف الالتزام بأكثر من 200 معيار للمحافظة على مستوى التوافق.

التوافق الأمني لتطبق الويب المفتوح

تم تطوير ديجيتال سيف بناء على إرشادات المشروع الأمني لتطبيق الويب المفتوح (OWASP) ويتم تدريب جميع مطوري البرامج على OWASP. وفق مستلزمات معيار أمن بيانات صناعة بطاقة الدفعة الإلكترونية (PCI DSS)، فإن مطوري برامج ديجيتال سيف يعالجون أعلى 10 نقاط ضعف من OWASP.

No USA PATRIOT Act Storage

DigitalSafe prides itself in storing your information in politically and economically stable and neutral country, Switzerland. Switzerland does not abide by the USA PATRIOT Act. This ensures that your information is safe from competing predators or agencies and entities with personal motives who would pry into your privacy and steal your data without your knowledge.

We have compiled a small list of website links and sample texts in order to inform you of what the USA PATRIOT Act is. DigitalSafe has no servers based in the USA. ALL our servers are based in Switzerland where we run our Swiss online backup digital vaults platform.

USA PATRIOT Act – how it impacts business:

(All the information posted is taken from various sources. The links are provided for each section)

http://en.wikipedia.org/wiki/USA_PATRIOT_Act

The USA PATRIOT Act (commonly known as the “Patriot Act”) is an Act of the U.S. Congress and signed into law by President George W. Bush on October 26, 2001. The title of the Act is a contrived acronym, which stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.

The Act dramatically reduced restrictions on law enforcement agencies’ ability to search telephone, e-mail communications, medical, financial, and other records; eased restrictions on foreign intelligence gathering within the United States; expanded the Secretary of the Treasury’s authority to regulate financial transactions, particularly those involving foreign individuals and entities; and broadened the discretion of law enforcement and immigration authorities in detaining and deporting immigrants suspected of terrorism-related acts. The act also expanded the definition of terrorism to include domestic terrorism, thus enlarging the number of activities to which the USA PATRIOT Act’s expanded law enforcement powers could be applied.

http://en.wikipedia.org/wiki/USA_PATRIOT_Act

Title II: Surveillance procedures

Main article: USA PATRIOT Act, Title II

Title II is titled “Enhanced Surveillance Procedures”, and covers all aspects of the surveillance of suspected terrorists, those suspected of engaging in computer fraud or abuse, and agents of a foreign power who are engaged in clandestine activities. It primarily made amendments to FISA, and the ECPA, and many of the most controversial aspects of the USA PATRIOT Act reside in this title. In particular, the title allows government agencies to gather “foreign intelligence information” from both U.S. and non-U.S. citizens, and changed FISA to make gaining foreign intelligence information the significant purpose of FISA-based surveillance, where previously it had been the primary purpose.[37] The change in definition was meant to remove a legal “wall” between criminal investigations and surveillance for the purposes of gathering foreign intelligence, which hampered investigations when criminal and foreign surveillance overlapped.[38] However, that this wall even existed was found by the Federal Surveillance Court of Review to have actually been a long-held misinterpretation by government agencies. Also removed was the statutory requirement that the government prove a surveillance target under FISA is a non-U.S. citizen and agent of a foreign power, though it did require that any investigations must not be undertaken on citizens who are carrying out activities protected by the First Amendment.[39] The title also expanded the duration of FISA physical search and surveillance orders,[40] and gave authorities the ability to share information gathered before a federal grand jury with other agencies.[41]
The scope and availability of wiretapping and surveillance orders were expanded under Title II. Wiretaps were expanded to include addressing and routing information to allow surveillance of packet switched networks[42] — the Electronic Privacy Information Center (EPIC) objected to this, arguing that it does not take into account email or web addresses, which often contain content in the address information.[43] The Act allowed any district court judge in the United States to issue such surveillance orders[42] and search warrants for terrorism investigations.[44] Search warrants were also expanded, with the Act amending Title III of the Stored Communications Access Act to allow the FBI to gain access to stored voicemail through a search warrant, rather than through the more stringent wiretap laws.[45]

Various provisions allowed for the disclosure of electronic communications to law enforcement agencies. Those who operate or own a “protected computer” can give permission for authorities to intercept communications carried out on the machine, thus bypassing the requirements of the Wiretap statute.[46] The definition of a “protected computer” is defined in 18 U.S.C. § 1030(e)(2) and broadly encompasses those computers used in interstate or foreign commerce or communication, including ones located outside the United States. The law governing obligatory and voluntary disclosure of customer communications by cable companies was altered to allow agencies to demand such communications under U.S.C. Title 18 provisions relating to the disclosure of electronic communications (chapter 119), pen registers and trap and trace devices (chapter 206) and stored communications (121), though it excluded the disclosure of cable subscriber viewing habits.[47] Subpoenas issued to Internet Service Providers were expanded to include not only “the name, address, local and long distance telephone toll billing records, telephone number or other subscriber number or identity, and length of service of a subscriber” but also session times and durations, types of services used, communication device address information (e.g. IP addresses), payment method and bank account and credit card numbers.[48] Communication providers are also allowed to disclose customer records or communications if they suspect there is a danger to “life and limb”.[49]

Title II established three very controversial provisions: “sneak and peek” warrants, roving wiretaps and the ability of the FBI to gain access to documents that reveal the patterns of U.S. citizens. The so-called “sneak and peek” law allowed for delayed notification of the execution of search warrants. The period before which the FBI must notify the recipients of the order was unspecified in the Act — the FBI field manual says that it is a “flexible standard”[50] — and it may be extended at the court’s discretion.[51] These sneak and peek provisions were struck down by judge Ann Aiken on September 26, 2007 after a Portland attorney, Brandon Mayfield was wrongly jailed because of the searches. The court found the searches to violate the provision that prohibits unreasonable searches in the Fourth Amendment to the U.S. Constitution.[52][53]

Roving wiretaps are wiretap orders that do not need to specify all common carriers and third parties in a surveillance court order. These are seen as important by the Department of Justice because they believe that terrorists can exploit wiretap orders by rapidly changing locations and communication devices such as cell phones,[54] while opponents see it as violating the particularity clause of the Fourth Amendment.[55][56] Another highly controversial provision is one that allows the FBI to make an order “requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.”[57] Though it was not targeted directly at libraries, the American Library Association (ALA), in particular, opposed this provision. In a resolution passed on June 29, 2005 they stated that “Section 215 of the USA PATRIOT Act allows the government to secretly request and obtain library records for large numbers of individuals without any reason to believe they are involved in illegal activity.”[58] However, the ALA’s stance did not go without criticism. One prominent critic of the ALA’s stance was the Manhattan Institute’s Heather Mac Donald, who argued in an article for the New York City Journal that “[t]he furor over section 215 is a case study in Patriot Act fear-mongering.”[59]
The title also covers a number of other miscellaneous provisions, including the expansion of the number of FISC judges from seven to eleven (three of which must reside within 20 miles (32 km) of the District of Columbia),[60] trade sanctions against North Korea and Taliban-controlled Afghanistan [61] and the employment of translators by the FBI.[62]

http://w2.eff.org/patriot/

General information on the Act

Here are some excerpts from websites explaining the USA PATRIOT Act, and also information on the Act being renewed in 2010 by
President Obama:

http://www.slate.com/id/2087984/

Section 215 modifies the rules on records searches. Post-Patriot Act, third-party holders of your financial, library, travel, video rental, phone, medical, church, synagogue, and mosque records can be searched without your knowledge or consent, providing the government says it’s trying to protect against terrorism.

Would you know if Section 215 had been used on you? Nope. The person made to turn over the records is gagged and cannot disclose the search to anyone.

Section 218 aka “FISA (Foreign Intelligence Surveillance Act): What it does: Secret searches can now be authorized by a secret court without public knowledge or Department of Justice accountability, so long as the government can allege there is any foreign intelligence basis for the search.

Would you know if Section 218 had been used on you? Only if you were later prosecuted using information gathered pursuant to a FISA warrant. Then you’d have the opportunity to try to suppress that evidence in a regular court proceeding

Section 213: Section 213 is another extremely controversial part of the Patriot Act, engendering protest from across the political spectrum. By allowing the state to rummage first and let you know later (sometimes much later), the act upends the traditional requirement that the state advise you in advance that you are being searched.

What it does: “Sneak and Peek” warrants extend sneak-and-peek authority from FISA searches to any criminal search. This allows for secret searches of your home and property without prior notice.

Section 206: Section 206 authorizes roving wiretaps: taps specific to no single phone or computer but to every phone or computer the target may use. It doesn’t get as much attention as it should. If the government decides to tap a computer at the UCLA library, every communication by every user can theoretically be intercepted.

What it does: Expands FISA to permit surveillance of any communications made to or by an intelligence target without specifying the particular phone line or computer to be monitored.

Section 505: This section authorizes the attorney general or a delegate to compel holders of your personal records to turn them over to the government, simply by writing a “national security” letter. Section 505 has garnered a lot less national attention than Section 215—the library records section of the act—which may be why it is invoked a lot more often.

What it does: Section 505 authorizes the use of what’s essentially an administrative subpoena of personal records. The subpoenas require no probable cause or judicial oversight.

The law before and how it changed: Before Patriot, these letters could only be issued against individuals who were reasonably suspected of espionage. But Patriot loosened the standard by allowing the letters to be used against anyone, including U.S. citizens, even if they themselves are not suspected of espionage or criminal activity. These letters may now be issued independently by FBI field offices, rather than by senior officials. And unlike Section 215 warrants, they are not subject to even perfunctory judicial review or oversight.

The records that can be obtained through the letters under Patriot include telephone logs, e-mail logs, certain financial and bank records, and credit reports, on the assertion that such information would be “relevant” to an ongoing terrorism investigation. They cannot be used in ordinary criminal investigations. Unlike 215, no court order—not even a rubber-stamped order—is required. Those forced to turn over records are gagged from disclosing the demand.

Would you know if Section 505 had been used on you: Not unless some action was brought against you based on the information produced.”

Here are a few links that have information on the new and revised (and extended) USA PATRIOT Act, signed recently by President Obama.

http://w2.eff.org/patriot/20020925_patriot_act.php

(A pasted copy of the actual US patriot act on this site)

http://tastethecloud.com/content/patriot-act-and-martial-law

This section is of particular relevance to businesses:

Expands surveillance powers to grant easier government access to bank accounts, home computers, telephones, and credit card accounts based upon subpoenas issued by the Department of Justice. The entities subpoenaed to obtain information about you could not refuse to provide the information (an expansion of current powers under Patriot I). Evidence obtained that would link a person to terrorism or terrorist groups (as defined by the State Department) would not be disclosed except to a court (individuals would have no right to know why they were charged) and pretrial detentions would be mandatory. You would have little possibility of defending the charges.

http://www.eff.org/deeplinks/2010/02/epic-fail-congress-usa-patriot-act-renewed-without

(this explains how patriot act can access business files)

http://en.wikipedia.org/wiki/Controversial_invocations_of_the_USA_PATRIOT_Act

(Explains the dangers of USA PATRIOT Act)