3.
Strong authentication
To secure the authentication process, you can require users to enter a code that is unique to them, in addition to their password (OTP, SMS or Yubikey token). Authentication is then qualified as 'strong' because it requires the combination of two authentication factors.
Authentication by username and password
NetExplorer users log in using their assigned username and chosen password. Passwords are never stored unencrypted; they are "hashed and salted" to protect their confidentiality.
Detection of intrusion attempts
NetExplorer includes an intrusion detection system and can identify too many login attempts on a user account or from an IP address. When an intrusion attempt is detected, the attacker's login and IP address are banned. The number of pre-ban attempts and the ban time are configurable by the administrator.
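The per-account and per-address counting described above can be illustrated as follows. This is an added example, not NetExplorer's code: the class, method and parameter names are hypothetical, and the sliding window after which old failures expire is an assumption the text does not state.

```python
from collections import defaultdict, deque

class LoginGuard:
    def __init__(self, max_attempts=5, ban_seconds=900, window_seconds=600):
        self.max_attempts = max_attempts      # configurable pre-ban attempts
        self.ban_seconds = ban_seconds        # configurable ban time
        self.window_seconds = window_seconds  # assumption: failures expire
        self._failures = defaultdict(deque)   # ("login"|"ip", value) -> times
        self._banned_until = {}

    def is_banned(self, login, ip, now):
        keys = (("login", login), ("ip", ip))
        return any(self._banned_until.get(k, 0) > now for k in keys)

    def record_failure(self, login, ip, now):
        """Count one failed attempt; return True if it triggered a ban."""
        keys = (("login", login), ("ip", ip))
        triggered = False
        for key in keys:
            stamps = self._failures[key]
            stamps.append(now)
            while stamps[0] <= now - self.window_seconds:
                stamps.popleft()              # drop failures outside the window
            triggered |= len(stamps) >= self.max_attempts
        if triggered:
            for key in keys:                  # ban the login and the IP together
                self._banned_until[key] = now + self.ban_seconds
                self._failures.pop(key, None)
        return triggered

    def record_success(self, login):
        # Reset the account counter only, so a valid login cannot clear the IP's.
        self._failures.pop(("login", login), None)

def replay(events, guard):
    verdicts = []
    for now, login, ip, ok in events:
        if guard.is_banned(login, ip, now):
            verdicts.append("rejected-banned")
        elif ok:
            guard.record_success(login)
            verdicts.append("accepted")
        else:
            hit = guard.record_failure(login, ip, now)
            verdicts.append("banned" if hit else "failed")
    return verdicts

# Constructed (time, login, ip, password_ok) events; invented logins and addresses.
SAMPLE = [(0, "alice", "203.0.113.7", False), (5, "bob", "203.0.113.7", False),
          (9, "carol", "203.0.113.7", False), (12, "dave", "203.0.113.7", True),
          (100, "carol", "198.51.100.9", True), (400, "carol", "198.51.100.9", True)]
```

Replaying SAMPLE with max_attempts=3 and ban_seconds=300 shows the trade-off of banning the login as well as the address: carol's correct password from another address is refused at t=100 and accepted only after the ban expires.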
Anti-theft protection of sessions
In order to avoid session hijacking and identity theft through Cross-Site Request Forgery (CSRF) exploits, the NetExplorer platform, unlike standard applications, doesn't send any session cookies to the connected client. NetExplorer uses a single token that is sent unidirectionally and not automatically.
Access strategy
NetExplorer features access policies by user group or account. It is therefore possible to block certain methods of access, to limit login locations (IP address), and to determine the time slots and days of connection.
4.
Antiviral and anti-malware protection
NetExplorer has a virus scanner and a ransomware detection system.
Each file deposited on the platform is analysed, regardless of the access method. Items added by outside contributors via deposit links are also inspected. The anti-virus used is ClamAV. If the file is infected by a virus, it will be rejected by the platform. Similarly, if the ransomware detection system detects an infection, the user's account is blocked to prevent the spread of ransomware.
Encryption
All data exchanged with NetExplorer is encrypted using SSL and a 2048-bit key.
All NetExplorer access methods use HTTPS on port 443, providing maximum security.
The SSL certificate implementation method applied by NetExplorer provides strong security guarantees. It has been given grade A+ which is the maximum grade. This assessment is made by Qualys SSL.
Password security
The password security policy is based on the combination of three parameters:
- Minimum password length, in number of characters
- Rejection of passwords used too often (from the list of the 10,000 most frequently used passwords,
and therefore tested first in the event of attack)
- Password complexity index
Password | Complexity for the user | Security level | NetExplorer complexity index
1gZ6f4HsG | Impossible to remember | Medium (only 39 days needed to decode it) | 25
We are NetExplorer | Very simple | Very high (1042 years needed to decode it) | 35
5. Traceability
NetExplorer ensures full traceability of all actions performed by users: login, adding a file, modifying a folder,
deleting a document, etc.
All actions are grouped together in event logs, which can be filtered and searched precisely. Search by:
- Keyword
- User concerned
- IP address of the user
- Date of the event (beginning and end)
- Event status: success or error
- Object type: user, folder, file, annotation, etc.
- Type of action: login, addition, modification, deletion, download, etc.
This traceability makes it possible to check and control the actions carried out on the platform, and to provide
evidence in case of dispute.
External security audits
As part of the PCI DSS certification, the NetExplorer application has successfully passed the 54,000 intrusion tests performed by the Nessus app. These tests verify the absence of application security vulnerabilities, such as SQL injections, XSS vulnerabilities, etc.
For more details: http://www.tenable.com/solutions/pci-dss.
Unit tests
Before every release or upgrade, NetExplorer undergoes more than 5,000 unit tests to check for bugs and security breaches.
7. Data centres
NetExplorer servers are located in France and
more specifically in Paris. All the data stored is
therefore governed by French law and is not
subject to the American Patriot Act.
Our infrastructure operates two Data Centres
classified Tier 3+ and Tier 4: Zayo and Equinix
(ISO 9001 and ISO 27001 certified). Tier 4 (the
highest classification) provides an availability
rate of over 99.995%.
Private cloud
All NetExplorer platforms are architected in
a private cloud to guarantee an excellent
level of confidentiality. The stored data is
completely partitioned in independent areas
between customers. A NetExplorer instance
includes a customer-specific database and a
dedicated storage system.
• The database contains all the platform information (user accounts, groups, etc.), the tree structure of the stored content, and the metadata. It ensures consistency of information and controls security for data access.
• The NetExplorer storage system stores only the file's binary data, in an arbitrary format that is completely independent from the actual document tree. In addition, the document name and its extension are obfuscated.
[Diagram: NetExplorer private cloud. Internet, proxies and servers (applications, web, database, mini, indexing, etc.) in front of the Client A and Client B instances, each with a dedicated database and dedicated storage directories.]
8. Availability and integrity of data
Data availability: to ensure a very high level of availability and not be vulnerable to hardware failures, the
storage system provides local and remote information redundancy.
Data integrity: the NetExplorer storage system calculates integrity every time a file is deposited. During file
transfers, a second integrity check is performed to ensure that the stored data is identical to the initial data,
and that it has not been altered during the transport of the information.
Data replication policy (backup)
Replication of files in real time
At NetExplorer, data is replicated in real time
across three different storage clusters. The first
two are located in the main data centre, and
the final server is in a second data centre,
located 30 km away. As such, in the event of a
major incident in one data centre, the data is
always stored securely in the second.
Data retention
All deleted files are kept for 30 days in the
backup logs. It is possible to restore a file or the
entire platform from up to 30 days back, even if
the document was inadvertently deleted.
[Diagram: main datacentre and emergency datacentre.]
9. ISO 27001 CERTIFICATION
A certification that guarantees the security of your data
By opting for an ISO 27001 certified company, you choose a company that:
- Guarantees the security of the customer's information and data
- Controls its suppliers that impact the security of information
- Demonstrates its continuous improvement approach
- Ensures its performance with quantified indicators
- Complies with the information security regulations
- Respects an internationally recognized standard
ISO 27001 certifies the establishment's information security management system. This certification is an international reference, recognized for its high degree of requirements.
NetExplorer is certified ISO 27001 (2013 version) for all of its activities by the international certification body BSI.
NetExplorer's main concern is the protection of its customers' data, and so it ensures a high level of vigilance in terms of confidentiality, availability, integrity and traceability.
NetExplorer, at the service of your data
10. PCI DSS CERTIFICATION
PCI DSS Certification
The Payment Card Industry Data Security Standard (PCI DSS) is a data security standard initially implemented for industries handling banking information to protect data and prevent information leakage. See the reference website for more details.
The NetExplorer PCI DSS package
We offer, as a custom service, a NetExplorer platform that is PCI DSS level 3 compliant.
The perfect balance between cost and security, our PCI DSS Level 3 package includes:
- A 100% dedicated PCI DSS server (dedicated resources)
- Enhanced outsourcing
- Encryption of stored data and backups
- Nessus security audits and intrusion tests
- A final audit report issued to the customer
N.B. infrastructure certification is carried out by Nessus.
PCI DSS standard applied to your data
The PCI DSS standard provides a very high level of security and is internationally recognised. That is why
we've chosen this standard to meet your security and privacy needs.
The PCI DSS certification applied to your NetExplorer platform allows you to:
- Have a very high level of security inherited from best practices applied in the banking field
- Benefit from concrete measures to protect your data
- Attest to the security of data storage with your partners and customers thanks to an internationally
recognised standard
Recognised certification for a high level of security
11. CONTACT US
A professional team, always at your side
contact@netexplorer.fr
www.netexplorer.fr/en
TOULOUSE
11 boulevard Déodat de Séverac
31770 Colomiers
PARIS
24 Boulevard des frères Voisin
92130 Issy-les-Moulineaux