AWS security model

AWS built-in security

Amazon publishes extensive security documentation on its website. Highlights include information on DDoS prevention and Database Security. OpenFin leverages these managed services at all layers of its application stack, including Amazon’s VPCs, storage solutions and Docker Container Orchestration (ECS).

AWS security practices

OpenFin’s deployment environment follows AWS’ best security practices. Critical computing resources run in a private subnet, with controlled SSH access and limited inbound firewall scope. All AWS access is restricted to users with MFA enabled and least-privilege policies applied.

OpenFin has real-time alerting and monitors in place to ensure staff are aware of changes to the infrastructure or resource issues. Duplicate sandbox environments are available to enable testing. The entire set of backing static assets for OpenFin’s CDN is geo-replicated to a west-coast datacenter and can be made available via a direct HTTPS URL without edge termination. Additionally, all databases are backed up daily, available across multiple datacenters and encrypted at rest.

Asset security

Every time an OpenFin product is built, the CI process ensures that the executables are digitally signed and have a valid certificate from Comodo. OpenFin’s CDN uses an SSL connection to protect against man-in-the-middle attacks. Additionally, the OpenFin RVM (Runtime Version Manager) verifies that the files are signed and valid. If the files are not valid, the RVM prevents them from starting up on the desktop.

To ensure OpenFin files are compatible with various cybersecurity software, the CI process runs a VirusTotal scan and generates alerts if there are any false-positive detections.

Both the VirusTotal scan results and a SHA-256 checksum of OpenFin assets can be found on our versions page.
