Security: A Year in Review 2013

Published: March 19th, 2013

LuxSci is constantly adding and improving its service offering.  As part of that evolutionary process, we continually make many additions and changes related to security and privacy.  This post provides a summary of many improvements we have made in this area in the past 12 months. To see last year’s security wrap up, see: Security: A Year in Review 2012.

Firewalls
SecureForm

Email Security

  • Track if messages received used TLS encryption on delivery to LuxSci by adding a special email header
  • Track if messages sent used TLS for delivery to the recipient email servers. Visible in email message tracking reports. See: Enforcing and Detecting TLS Email Encryption on Inbound Messages
  • SecureLine messages track what kind of SecureLine encryption was used both in email message tracking reports and by custom email headers added to the outbound email (e.g. TLS, Escrow, PGP, S/MIME, or Opt Out)
  • Security Audit: The domain and account security auditing reports now include a report of what users, if any, are accessing services insecurely (e.g. without TLS or SSL) for POP, IMAP, SMTP, and FTP. See: Enhanced Email Security Reports

SecureLine Escrow and SecureSend

  • JavaScript keyboard tool added to the authentication screen so authentication can be done by mouse (preventing keyboard loggers from capturing the sensitive keystrokes).
  • SecureSend Authentication: Enable optional use of SecureSend authentication instead of a question/answer pair for identity verification so that recipients do not have to answer sender-provided security questions. See: SecureLine End-to-End Email Encryption: Easier than Ever!
  • NameSpaces: Customers can define SecureSend namespaces to segregate the recipient users belonging to their account from those belonging to other customers.
  • Customers can configure domain-wide and account-wide policies for the minimum expiration time for SecureLine Escrow messages (e.g. to ensure that they do not expire “too soon”).
  • SecureLine Escrow web sessions expire and auto-logout due to inactivity.
  • The PGP passwords used to encrypt Escrow messages are now 20 random characters long, instead of 8.
  • Message Center: Customers can now enable a Message Center where recipients can view a “unified inbox” of all received Escrow messages and access them all at any time (until they expire) without needing to have the Escrow notification message at hand. See: SecureLine Message Center – Free Centralized Secure Email Access
  • SecureLine Escrow reports now allow you to see if Read Receipts were specified and sent, and what kind of authentication is to be used for the recipient (Question and Answer or SecureSend Authentication).

General HIPAA Accounts

  • Encryption Opt Out
  • HIPAA accounts are restricted from forwarding email (even over TLS) to other LuxSci accounts that are not HIPAA compliant.
  • HIPAA accounts are restricted from using SecureForm to send form data to addresses hosted by LuxSci that are in non-compliant accounts.
  • WebAide optional encryption and auditing is enabled and enforced in all HIPAA accounts.

Email Filtering:

  • Simple rules for allowing users to block inbound non-secure email messages (e.g. ones that are not TLS, SecureLine Escrow, PGP, or S/MIME)

WebAides:

  • Global policies are in place which allow customers to have WebAide encryption and auditing automatically enabled on all supporting WebAides.
  • Security Audit reports show these encryption/auditing policies.

Private Labeling:

  • Customers can enforce minimum password strength requirements on their SecureSend users. See: Private Labeling

Affiliate Portal – See: Affiliate Program Improvements

  • Block password guessing by locking out IPs for a time after 5 failed logins
  • Track and report on successful and failed logins
  • Logout users after 1 hour of idle time.
  • Improve storage of affiliate passwords

Password Storage
