1CapApp Security White Paper 1.8

1CapApp policies, procedures and technologies described in this paper are detailed as of the time of authorship. Some of the specifics may change over time as we regularly innovate with new features and products.

Infrastructure Security

1CapApp runs under Linux in a cloud infrastructure (Amazon Web Services.) This infrastructure includes a network and hardware that supports the provisioning and use of resources to provide realtime text streaming. The infrastructure is designed and managed according to security best practices as well as a variety of security compliance standards. As a customer of 1CapApp, you can be assured that our web architecture is created on top of the most secure computing infrastructure in the world.

Physical and Environmental Security

Our servers are state of the art and utilize innovative architecture and best practices for engineering technology. Our IT team has many years of experience in designing, constructing, and operating in-the-cloud environment. This experience has been applied to the 1CapApp platform and infrastructure. Our servers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professionals.

  • Customer endpoints are secure (HTTPS) SSL-terminating load balancers which allow our customers to establish a secure communication session between 1CapApp and their computer. 1CapApp maintains redundant servers to help keep our customers connected.
  • Writers connect to 1CapApp through an encrypted/secure SSL connection.

Customer View Page

  • A customer (viewer) connects to the 1CapApp platform using a secure WSS (Web Socket Secure) and HTTPS SSL encryption.
  • Text streams seamlessly from the 1CapApp server to the viewer’s computer using the HTTPS/WSS SSL protocol.

1CapApp Server Process

The text streaming for each secure session is stored in separate in-memory (RAM) DB tables and is encrypted and kept for 3 weeks; or, for highly confidential sessions, the data can be deleted immediately after the session ends. The data server is closed to the outside and the server utilizes a firewall (only HTTP and HTTPS ports are open). Limited access is given to the 1CapApp server (IT Developers and Server Administrators). The 1CapApp server is running under Linux and is updated daily with the latest security patches. The server is monitored daily for DOS and string attacks.

Private Sessions

A private session can only be accessed by a customer (viewer) who can provide proper credentials (password). A customer can also log in using private Google ID sign on. Passwords are encrypted so nobody can access the database and read the passwords. Forgotten passwords can only be fixed by contacting the 1CapApp support line or the viewer has the option to create their own.

Additional Security

Administrator has the ability to restrict access to the view page by a range of IP addresses. Administrator can also “kick out” an IP Address at any time during the live session. 

1Connect

1CapApp provides a free software utility (1Connect) that connects a writer’s CAT software to the 1Capapp server. 1Connect was developed by the 1CapApp IT team and provides a secure/encrypted SSL connection using a COM Port or a TCP/IP Port. Tactical Software Serial IP can also be used to connect to 1CapApp.



Notice

2016: This document is provided for informational purposes only. It represents 1CapApp’s current security offerings as of the date of issue of this document forward which is subject to change without notice. Customers of 1CapApp are responsible for making their own independent assessment of the information in this document and any use of our service. This document does not create any warranties, representations, contractual commitments, conditions or assurances from 1CapApp or its affiliates, suppliers or licensors.