HomeFrançaisContactCoordinatesprivate area
PnS Concept, now you can trust the Internet. Plug and Secure. width=
CompanySolutionsServicesSite map
ConsultingWeb sitesSupportTrainingSecurity Tips

Security tips


Security on the Internet

Let's remind some risks related to information systems and Internet transfers.
Hackers are seldom "computing geniuses". Actually, it is very easy, on the Internet, to find tools allowing to discover flaws, to listen to transfers on a network... Fortunately, by following rather simple rules, it is possible to work securely and to protect confidential data.
The main risk lies in the ignorance of dangers.
PnS Concept solutions are developed in conformity with security rules, and can complement usefully an information system, because they ease, while protecting them, file transfers.

General security guidance
Backups
Disclosure of personal data
Protecting data through encryption
Digital certificate
Firewall
E-mail risks
Security updates
Identification & authentication
Protecting access codes
Virus
Trojan
Phishing
Electronic intelligence
Login session
FTP risk

General security guidance


Security tips

Advices o prevent usage of networks to steal information (CNRS, Security Guide for Managers; courtesy of Mr Robert Longeon):
- Use a network architecture likely to forbid, or at least complicate, any fraudulent attempt to get into the system.
- Watch permanently external connections, in order to detect as soon as possible any odd access.
- Manage strictly logins and passwords, being especially careful to grant non permanent personnel rights only required for their tasks, and to withdraw these rights immediately at the end of their contracts.
- Impose additional precautions to personnel wanting to connect from the outside - and furthermore if they travel abroad - , for instance the usage of one time only passwords.
- Use, if necessary, the new encryption methods to ensure mails and data transfers are confidential.
- The more sensitive works and confidential files should be stored only on machines physically disconnected from the network.

Backups


Backup

Information Systems are not only vulnerable to external attacks.
Fire, flood, explosion, carelessness, mistake or malevolence of an employee can damage systems and data.
Thus, information and data the company cannot afford to lose should be stored in a distant and safe location.

Are your backups correctly done and stored?

Never disclose your data


Protecting data

Attempt to steal your data by e-mail: phishing.
Numerous e-mails seems to come from banks asking your identifier, secret code, credit card number and validity date… after having clicked on a link.
Never answer these e-mails: they are fraudulent.

Stay true to the rule of thumb: "Never give your identifier or password in a situation other than the one when you decide to connect yourself. "

In PnS Concept solutions, password are encrypted, and are never disclosed, even to administrators.

Protecting data through encryption


Protecting data through encryption

To encrypt all data transferred, PnS products use SSL (Secure Socket Layer) 128-bit security protocol, highest level of encryption allowed in France.
Encryption encodes your data before transmitting them on the Internet.
Https:// in front of the address of a site, or the display of an icon looking like a key or a lock (depending on your browser), is a proof that the site you are browsing is secured by encryption, and the information you enter on a page is protected.

All transfers done with solutions based on ConfidenceMail are encrypted, especially passwords are never sent unencoded, and file transfers are encrypted too.

Digital certificate


Digital certificate

A digital certificate is the equivalent of an electronic ID card.
It is thus strictly associated with its owner. Using a certificate together with electronic signature guaranties:
· authentication of participants: to know and validate the identities of all participants,
- integrity of the message: prevent data modification,
- confidentiality of messages: prevent improper reading of data.

PnS Concept will deliver your electronic certificate, which will be a testimony of your professionalism and of the confidentiality of the data transferred.

Firewall


Firewall

PnS Concept solutions use firewalls to prevent possible viruses to spread in your system, as well as forbidding access and information gathering by non authorised persons.
Firewalls can also be installed on your personal computers to protect from intrusions and viruses.
A firewall is especially required for any workstation that can connect directly to the Internet.


e-mail


Danger

Usually, an e-mail sent or received on a standard address (e.g., yourname@hotmail.com or yourname@bt.co.uk) is neither secured nor encoded, and its content is not protected.
As a result, sensitive information, either personal or professional, transferred though e-mail can be captured by third parties. We thus recommend that you don't transmit sensitive personal or professional information. Never send your secret codes through e-mail.
For all sensitive data, use secured transfer and storage systems.

PnS Concept solutions use e-mails for collaborative work. The messages do not contain sensitive information.

Security update


Security watch

Browse regularly the Internet site of the Operating System of your computer (especially for Windows or Mac) for "patches" (add-ons) or updates of your system or browser: you will then have the latest updates on security issues. Windows has a standard procedure to help you doing that.

Update regularly your antivirus and your firewall.

Identification & authentication


Confidential

When you connect to your Plug and Secure site, it will ask for an authentication.
You then enter your identifier or user name and your secret code to gain access to your data. The encoded information received by the Plug and Secure server is then controlled, and the authentication is verified before your information is displayed.
No information is transmitted unencoded.

Protecting access codes


Protecting access codes

Your password is the only way to access your data. To protect it, follow the advices below:
o Create a password made of different digits and characters.
o Avoid secret codes you already use for other online services such as e-mail or instant messaging.
o Choose a password you're the only one to know, and which cannot be easily guessed by someone else.
o Do not associate your secret code with personal data such as names, birthdays, telephone number…
- Remember your password, never write it and do not give it to anyone.
- Be sure nobody watches you when you enter it, and change it if you think someone has been likely to find it.
- Change regularly your password.

PnS Concept forces the users to modify their passwords on first connection, then at regular intervals. The password is encrypted in the database, even the administrators cannot know it.

Virus


Virus

Do not open e-mails and attached files when you don't know the origin: they can include a virus which, once opened, could damage your computer, or make it do non wanted tasks. First, verify the attachment with an up to date antivirus.
Do not let your computer become a "zombie" or a spam relay.
PnS Concept verifies uploaded files with an antivirus, and thus protect users.

Trojan


Trojan

A Trojan is a kind of virus hidden behind another program.
Trojans are often sent as e-mail attachment. They can look like a game or other attractive files. Once opened, the Trojan can damage your computer, delete folders or change your desktop. It will send himself automatically to other persons from your address book to spread. Do not open messages of unknown origin.
Install up to date antivirus and firewalls.
PnS Concept solutions have several layers of protection, including firewalls and antivirus.

Phishing


Fishing

Some fraudulent e-mails are used to send false information supposedly sent by known organisations (banks). In the message, you are asked personal information to update your data. The aim, by deceiving you, is fraud, assuming fraudulently your ID or infection of your computer.
Never transmit sensitive or personal information by e-mail or in your Internet browser. d.

Electronic intelligence


Control of your data

Recording by a spying program of data entered can be used illegally to record the keys pressed, to steal your identifiers and secret codes or other information. The risk is higher on computers used by a large number of users such as in Cyber cafés.
A strong authentication system (non permanent secret code) is required to be protected.

Open login session


Open connection

To increase security, PnS solutions use a session interruption procedure: if your Internet session stays inactive for several minutes (duration configured by the administrator), the system will then end your session automatically.
Do not stay logged more than necessary.
At the end of your work, close your browser or end the connection by clicking on "Log out".

FTP


Danger

Very often, when size or data amount limits prevent using e-mail, FTP (File Transfer Protocol) is the backup tool allowing you to transfer.
In its usual implementations, FTP doesn't use any encryption to protect data, neither for authentication nor for data transfers.
FTP is no better secured than classical e-mail tools.

PnS Concept solutions allow to transfer large files without compromising security. In addition, administrator work is simplified. Users can now allow a person of their choice to download or upload files on the collaborative platform.

Printable version