
Infrastructure and Firewalls
Claromentis is a true multi-tier web-based application that can support and work with any infrastructure of firewalls, VPNs and access via login screens with encrypted passwords.
The system can be accessed internally as an intranet, or through outer firewalls as an extranet.

Example Security Configuration using Proxy Server and Distributed Data Storage
SSL
The system supports SSL, so that login pages can ensure encryption during transmission, and the password as entered – unencrypted – cannot be intercepted during transmission. Passwords within Claromentis are only ever stored encrypted and so can never be obtained by any other user.
Strong Passwords
The system supports strong passwords. This allows each customer to implement as strong a password policy as they wish. The policy specifies how many days each password is valid for before it needs to be changed, and how many days it can be used after that before it is blocked. If strong passwords are required, Claromentis will check for at least one number, one lowercase letter and one uppercase letter in any password. This prevents dictionary attacks.
Claromentis also supports single sign-on through LDAP.
Revision History and Audit Logs
Every activity in Claromentis is monitored, unless you choose not to do so.
This audit also captures the IP address, as well as the user identity, the data concerned and the action performed. This data is easily exported to Excel for analysis as required. In addition, any individual document can be audited from an icon on the document details screen.
By clicking on the document audit icon, an authorised user can see all events that have happened to the current version of this document, for example that it was viewed, that its metadata was edited, or any other relevant event.
MD5 Hashing
If enabled in the configuration of the system, Claromentis will also check whether files have been changed in any way outside of Claromentis itself, by someone finding the actual file on the network (this is not easy but of course possible), changing it and replacing it directly.
This is done by storing an MD5 hash key with the document each time it is legitimately edited. When the document is checked by pressing ‘verify’, the hash key is created again and compared with the stored version. It is not possible to even add a space character to a file without changing the MD5 hash key, so we can be certain that the document has not been tampered with in any way, directly on the system.
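The store-and-verify check described above, sketched in Python as an added example (this is not Claromentis code): DocumentStore, save and verify are hypothetical names, and the in-memory digest table stands in for wherever the application keeps document metadata. MD5 is used because the page names it; the algorithm parameter is an assumption that lets a collision-resistant hash such as SHA-256 be substituted.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path, algorithm="md5", chunk_size=65536):
    """Hash a file in chunks so large documents are not loaded into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

class DocumentStore:
    """Hypothetical metadata store. Digests are held apart from the files, so
    someone who can only write to the file share cannot also update them."""
    def __init__(self, algorithm="md5"):
        self.algorithm = algorithm
        self._digests = {}  # file path -> digest recorded at last legitimate edit

    def save(self, path, content):
        """Legitimate edit through the application: write file, record digest."""
        Path(path).write_bytes(content)
        self._digests[str(path)] = file_digest(path, self.algorithm)

    def verify(self, path):
        """The 'verify' action: recompute the digest and compare with the stored one."""
        stored = self._digests.get(str(path))
        if stored is None:
            return "unknown"   # never saved through the application
        try:
            current = file_digest(path, self.algorithm)
        except FileNotFoundError:
            return "missing"   # file removed outside the application
        return "ok" if hmac.compare_digest(stored, current) else "modified"

def demo():
    """Constructed scenario: one legitimate save, then changes made on disk."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        doc = Path(d) / "policy.txt"
        store = DocumentStore()
        store.save(doc, b"Approved text")
        results["after_save"] = store.verify(doc)
        doc.write_bytes(b"Approved text ")   # out-of-band edit: one added space
        results["after_space"] = store.verify(doc)
        store.save(doc, b"Revised text")     # legitimate edit refreshes the digest
        results["after_legit_edit"] = store.verify(doc)
        doc.unlink()
        results["after_delete"] = store.verify(doc)
    return results
```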
Distributed Document Store
As indicated in the diagram above, Claromentis can maintain a completely distributed system of locations for the actual documents, so that more sensitive documents can be physically stored in more secure areas.
Claromentis Permission System
Claromentis itself prohibits unauthorised access to documents that a user does not have permission to at least view. Neither those documents nor their folders will be visible, and they will not be returned in searches.
Permissions are allocated by means of extranet areas, roles, groups or individual user names, and any required combinations of these elements.
Although permissions can be allocated as required on individual files, we normally recommend they are allocated at the folder level, so that users simply add files to the correct folders and know that permissions are allocated correctly.






