Harder to break
Automated attacks on internet-based servers occur at high frequencies. NetSeries has never been successfully broken into or compromised, despite running on our own dedicated internet servers without interruption for many months at a time. This is in part due to its specialized nature. A general-purpose webserver, such as Microsoft Internet Information Server or Apache, is a jack-of-all-trades. As it does many different things there are potentially many different areas that can be exploited. NetSeries lacks the general scripting capabilities of these servers — it is dedicated to just serving Question Tools generated content and collecting the results. When NetSeries receives many of the commands that are used to compromise general webservers it simply responds with a redirection request to a logon page. In short, there is simply much less for a malicious user to exploit.
Encrypted logon
Our Elan products allow usernames and passwords to be encrypted as they pass over a network, and yet this is achieved without using the time and processor-intensive https encryption used for credit card processing. While no scheme is unbreakable, a successful attack would have to capture both outgoing and incoming packets and match up the messages.
IP address authentication
Most security breaches occur when usernames or passwords are stolen. Question Tools Elan allows ranges of network addresses (IP addresses) to be specified, so that a person with a stolen username and password could not log on if they were not within the organization's network. Individual administrators can have their log ons tied to specific computers. Providing a modern firewall is used to prevent IP-spoofing, an IP address cannot be faked. A malicious user with a correct username and password cannot log on from just any computer — it has to be the right computer, and they will often have no way of getting to the correct computer and even no idea of which one it is.
|
|
Session management and file serving
NetSeries keeps a watch on what each user is doing. It does not allow a user to log on from more than one computer at a time. Probably, more importantly, NetSeries does not serve files as a normal webserver might. It is simply not possible for someone to ask NetSeries directly for a file, such as a document with sensitive data with scores or original questions.
No plug-ins
Question Tools has no web player or web browser plug-in, but instead uses the considerable abilities already built into modern web browsers. Web browser plug-ins are really small applications. As a result they can allow viruses (more accurately called Trojan horses) into a computer, and most well-managed networks do not allow web browser plug-ins as a consequence. The result is no open doors, no plug-ins and a happier IT department.
Multiple browser support
Continuing concerns over the security of Internet Explorer might lead some IT departments to switch to another web browser, such as FireFox. Many web applications will only work in Internet Explorer. This is not true of Question Tools, which works with any modern web browser.
Safer deletes
Most data loss occurs because of human error. It is very easy to delete the wrong thing. NetSeries does not delete anything marked as deleted for 30 hours — long enough to retrieve an error. This time period can be set to be as long as 120 hours or as little as just one hour.
|
