All computer users, and especially commercial users of Internet services, should meticulously
administer the security of their computer networks.
It is now a regular occurrence for the major software companies to issue bulletins advising of the
need to patch their software against newly discovered vulnerabilities.
Malicious code in the form of viruses, Trojans, spyware etc. is more prevalent than ever, spreading rapidly
over the web and via email. Unsuspecting users and poorly protected systems are an easy target.
With attacks coming in so many different forms, the first line of defence is to keep systems up to date with
the latest software patches, to run anti-virus software that is updated regularly, and to use a suitable, properly
configured firewall.
Internal security breaches are common. Systems holding confidential and sensitive information must be properly secured.
Protecting Data
With eBusiness systems, security is essentially about ensuring the end-to-end integrity of the data.
We need to know that both the data and the person sending it are properly authenticated, while keeping the process
efficient and seamless.
The Approach
We firstly assume that organisations have their computer systems properly set up and maintained.
A poorly secured system and careless practices present by far the greatest risk.
When considering the security requirements for the EDI-X® System we wanted to use methods that are
easy to implement for all users in all situations while still providing the necessary level of security.
Some solutions rely on 3rd party VPN client add-ons, but these are difficult to implement and maintain and place an extra
burden on system efficiency.
In designing the security model for the EDI-X® System we considered the commercial sensitivity of the
information being transacted. In many cases this information is of no interest to any other party, and for these users
security beyond what would normally be expected is not an issue. But some organisations exchange
extremely confidential information, and the EDI-X® System must ensure
that these transactions are sufficiently protected.
Many companies have their own internal requirements for applications installed on and using their business networks.
Some trading communities, such as AANX, also have specific security requirements for applications that connect to their network.
Application Level
It is essential to ensure that the person who creates and then sends a document is actually authorised to do so.
With the EDI-X® System we have put in place measures to cover this.
Before X-Trader is used for the first time, user accounts must be set up by the administrator and permissions assigned.
The user is required to log on when the application opens, and again with separate credentials when performing a Send/Receive.
The security level can be set by the administrator, or automatically configured and locked as may be required by the
trading community network.
Ultimately this approach relies on the integrity and proper administration of internal procedures by the organisation
using the system.
Transaction Level
X-Trader connects to the EDI eXchange server over an HTTPS Internet connection on port 443 using an SSL 2 security layer.
(SSL 2.0 is an obsolete protocol: RFC 6176 prohibited its use in 2011 and current TLS libraries no longer negotiate it,
so a present-day deployment should require TLS 1.2 or later and verify the server certificate.)
The authentication credentials, username and password, are sent only inside this encrypted session. Both the User Account and
log-on details are recorded along with the message, providing a record of who created and who sent or requested the documents.
The approach we have adopted is one that is currently used successfully by other similar secure enterprise web services and provides a
high degree of security for the transacted data. There is no need to install additional 3rd party security software or to perform
complex system reconfiguration.
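The transaction-level protection described above rests entirely on how the client's TLS session is configured. The following is an added example, not code from X-Trader or the EDI eXchange product: it builds the client context a current deployment should use (TLS 1.2 or later, server certificate verified, host name checked), builds the kind of loosened context a legacy "any SSL version, no verification" client ends up with, and runs a small checker over both so the difference is visible. The host name exchange.example.com is an assumed placeholder, and nothing touches the network unless the script is run directly.

```python
"""
Client-side TLS configuration for an HTTPS connection to an EDI server
on port 443, with a checker that flags weak settings.

Added example; not part of the EDI-X product. EDI_SERVER is an assumed
placeholder host name, not the real EDI eXchange address.
"""
import socket
import ssl
from typing import List, Optional, Tuple

EDI_SERVER = "exchange.example.com"   # assumption: placeholder, not a real host
EDI_PORT = 443


def make_client_context() -> ssl.SSLContext:
    """Hardened client context: refuses SSL 2.0/3.0 and TLS 1.0/1.1,
    requires a certificate that chains to a trusted CA and matches the host."""
    ctx = ssl.create_default_context()            # system CA store, verification on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # nothing older is negotiated
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_legacy_context() -> ssl.SSLContext:
    """What an 'accept whatever the server offers' client looks like:
    oldest protocol the library still has, no certificate checks.
    Built only so the checker below has a weak configuration to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def assess_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses found in a client context (empty list means OK)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("host name not checked against certificate")
    return findings


def open_edi_session(host: str = EDI_SERVER,
                     port: int = EDI_PORT) -> Tuple[str, Optional[tuple]]:
    """Open a verified TLS connection; credentials would be sent only after
    this returns. Gives back the negotiated protocol and the peer's subject."""
    ctx = make_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    print("hardened:", assess_context(make_client_context()))
    print("legacy:  ", assess_context(make_legacy_context()))
```

The checker looks only at the three settings that decide whether a username and password travel to the right server inside a modern cipher suite; run it against whatever context a client actually constructs rather than trusting the documented protocol version.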
EDI eXchange Server Security
The EDI eXchange Server is built to a high level of reliability and redundancy with the intention of
providing near-100% continuous uptime.
We use only enterprise server hardware and software. A separate machine is used for each of the firewall, web server and
database/translation roles. Each has redundant SCSI RAID disk arrays and several other redundancy
systems. We maintain another machine as a 'warm backup' which can be brought on-line within minutes if there is an
unrecoverable failure of one of the primary servers. The entire system is protected by an Uninterruptible Power Supply.
Each server has complete remote administration capability.