Your INFORMATION is SAFE with WEESIGN
In order to keep your information safe and our system invulnerable to any cyber attacks, we created WeeSign under the following protocols, settings, and principles:
AMQP: widely used to protect financial transactions
Advanced Message Queuing Protocol (AMQP) is an open standard protocol for transferring business messages between organizations or applications. Designed with the goals of providing security, reliability and interoperability, AMQP is widely used for protecting financial transactions.
Secure Sockets Layer (SSL) is a security protocol that allows encrypted links to be established between a browser and a web server during online interaction.
All requests from the clients go through the API gateway. Therefore, the API gateway is safe from any unauthorized users.
Here are some of the security mechanisms applied to secure the API gateway:
- Private API keys
- RESTful API endpoints
- Easy monitoring
- Performance at any scale
- Flexible security controls
- Identity and Access Management (IAM)
Customary Security Settings
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol that allows communication between the website and the browser. The “S” at the end means the communication between the website and the browser is secured and encrypted.
Port restriction is used to restrict a port or a wide range of ports in the TCP/IP configuration to a specific user profile.
Domain restriction allows users to access data only within the domain boundaries that are set up for the security profiles assigned to them. When a domain is assigned to a security profile, it takes priority over other security permissions.
Once domain restrictions are evaluated, individual security profiles are examined to determine log and network permissions.
For services used for internal communication within the organization, access can be restricted to specific IPs. This keeps internal data secure from outside parties.
AWS Bucket Policy
A bucket policy is a resource-based AWS Identity and Access Management (IAM) policy that lets you grant other AWS accounts or IAM users access permissions for the bucket and the objects in it.
The bucket used for storing the file will be secured using the AWS Policy and will not be accessible outside of the domain.
Secured S3 files
All files are stored privately in S3. To access them, a signed URL generated using AWS IAM is required. Every URL requesting a signature expires 5 days after it is created. A new URL requesting a signature can be generated after the previous one expires.
Only authorized IPs can access the database directly. All others are restricted.
Security Settings against different Cyberattacks
Among the most important principles guiding WeeSign is the proper safekeeping of personal information. Every finalized file signed in WeeSign is encrypted; personal information is also encrypted; every account is confirmed via email; and every information node is protected using the highest standards. WeeSign is built around principles to defend against cyber threats, such as the following:
System against DDoS (Distributed Denial of Service) attack
Our system monitors traffic, and to prevent DDoS attacks it blocks any event that happens more than x times per second.
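The "more than x times per second" rule can be expressed as a per-client sliding-window counter. The sketch below is an added example, not WeeSign's code; the limit of 5, the use of the client address as the key, and the sample events are assumptions made for illustration.

```javascript
// Added example: sliding-window limiter for "more than x events per second".
// MAX_PER_SECOND stands in for the page's unspecified "x" (assumed value).
const MAX_PER_SECOND = 5;
const WINDOW_MS = 1000;

function createLimiter(maxEvents = MAX_PER_SECOND, windowMs = WINDOW_MS) {
  const hits = new Map(); // client key -> timestamps of allowed events in the window

  // Returns true if the event is allowed, false if it must be blocked.
  function allow(key, now = Date.now()) {
    const cutoff = now - windowMs;
    const recent = (hits.get(key) || []).filter((t) => t > cutoff);
    const ok = recent.length < maxEvents;
    if (ok) recent.push(now); // blocked events are not counted again
    hits.set(key, recent);
    return ok;
  }

  // Drops clients with no events left in the window so the map stays bounded.
  function sweep(now = Date.now()) {
    for (const [key, times] of hits) {
      if (times.every((t) => t <= now - windowMs)) hits.delete(key);
    }
    return hits.size;
  }

  return { allow, sweep };
}

// Constructed sample: [client address, timestamp in ms].
const SAMPLE_EVENTS = [
  ["203.0.113.7", 0], ["203.0.113.7", 100], ["203.0.113.7", 200],
  ["203.0.113.7", 300], ["203.0.113.7", 400],
  ["203.0.113.7", 500],  // sixth event inside one second: blocked
  ["198.51.100.2", 500], // different client: counted separately
  ["203.0.113.7", 1050], // the event at t=0 has aged out: allowed again
];

// Replays the events through a limiter and returns one decision per event.
function replay(events, limiter = createLimiter()) {
  return events.map(([key, ts]) => limiter.allow(key, ts));
}

console.log(replay(SAMPLE_EVENTS));
```

A counter like this only covers request floods that reach the application; it keeps state in one process, so several instances behind a load balancer would each need a shared store to enforce one limit.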
X-XSS Protection against XSS (Cross-site scripting) attack
The xssFilter middleware sets the X-XSS-Protection header to protect against reflected XSS attacks.
XSS attacks are cross-site scripting attacks in which malicious scripts are injected into trusted websites. They occur when a hacker uses a web app to send malicious code as a browser-side script to a different end user.
X-Frame-Options header against Clickjacking attacks
Clickjacking attacks are attacks in which an attacker gets the user to click something the attacker wants clicked by hiding the actual button or link behind something else.
We use the X-Frame-Options header, which protects the webpage from being hidden in an iframe.
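A quick way to confirm that both headers described above are actually being sent is to audit a captured response. This is an added example, not WeeSign's code; the function names and sample responses are constructed, and it goes slightly beyond the page by also accepting the CSP `frame-ancestors` directive, which current browsers honour for the same anti-framing purpose.

```javascript
// Added example: audit response headers for the anti-framing and XSS headers.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  return out;
}

function auditHeaders(headers) {
  const h = normalize(headers);
  const findings = [];

  // Clickjacking: X-Frame-Options must be DENY or SAMEORIGIN; ALLOW-FROM is
  // obsolete and ignored by current browsers.
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  const csp = h["content-security-policy"] || "";
  const hasFrameAncestors = /(^|;)\s*frame-ancestors\s/i.test(csp);
  if (!xfo && !hasFrameAncestors) {
    findings.push("framing: no X-Frame-Options or CSP frame-ancestors");
  } else if (xfo && xfo !== "DENY" && xfo !== "SAMEORIGIN") {
    findings.push("framing: unsupported X-Frame-Options value " + xfo);
  }

  // Reflected XSS: the header should be an explicit choice. A bare "1" makes
  // legacy filters rewrite the page instead of blocking it.
  const xxp = (h["x-xss-protection"] || "").replace(/\s+/g, "").toLowerCase();
  if (!xxp) {
    findings.push("xss: X-XSS-Protection not set");
  } else if (xxp !== "1;mode=block" && xxp !== "0") {
    findings.push("xss: X-XSS-Protection should be '1; mode=block' or '0', got " + xxp);
  }
  return findings;
}

// Constructed sample responses (header maps as a test client would capture them).
const SAMPLES = {
  hardened: { "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "1; mode=block" },
  legacy: { "x-frame-options": "ALLOW-FROM https://example.test", "X-XSS-Protection": "1" },
  cspOnly: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  bare: {},
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, auditHeaders(headers));
}
```

Current Chrome and Firefox ignore X-XSS-Protection, so the header helps only older browsers; output encoding and a Content-Security-Policy remain the primary XSS controls.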
Blockchain for Cyber Security
BlockChain Distributed Ledger Technology
The Distributed Ledger Technology is a consensus of replicated, shared, and synchronized digital data geographically spread across multiple sites, with no centralized data storage.
One traditional way of storing data is to centralize its storage under one control in one database. If all information for a system is stored in one central database, it makes the system vulnerable to cyber attacks given that all the information is in one place. To protect against this known vulnerability, WeeSign uses distributed ledger technology.
WeeSign is built upon the latest Blockchain’s Distributed Ledger technology to protect against cyber attacks.
How does it work?
All information is distributed among nodes. Each node maintains its own identical copy of the encrypted data, and it is extremely difficult to hack a node and alter its data. To alter or destroy a blockchain, a hacker would have to corrupt the data saved on every single node in the network at the same time. This is highly unlikely, if not impossible.
Information stored in WeeSign’s private blockchain is all encrypted, which makes it even harder for any cyber attack to be successful. Larger blockchain networks have a lower risk of getting attacked by malicious parties due to the complexity required to penetrate a wide network. With WeeSign, anyone can sign any .pdf or .doc file, and because of this, the size of our network is not limited to a certain industry or practice–it has no upper limit.
Hyperledger Sawtooth – our own private blockchain
WeeSign’s private network is built upon Hyperledger Sawtooth. This means nobody outside the system has access to the Sawtooth network, the nodes, or the data stored on the nodes. Also, all data is stored on the chain in encrypted format.
All nodes maintain their own identical copy of the ledger. This architecture allows for a safer and faster recording system that goes beyond being a simple database.
WeeSign has implemented a highly efficient consensus algorithm called PoET (Proof of Elapsed Time).