At present time data access through INTERNET network is practice accepted in industry under the condition that basic issues of security are solved. RETROBANKMDS™ is recognized as an exclusively reliable data store. Receipt of access to data store requires successful passing through eight levels of protection. Possibility of data protection against other users of the same system is unique feature of application RETROBANKMDS™ for data management.
The user receiving access from Internet zone of general use shall pass 4 main levels of identification:
To register in the network of Petrodata Kazakhstan as Citrix-client for carrying out terminal access to applications.
To register in application, identifying oneself as an employee of definite company-member having a right of access to certain application.
To connect to data source as an employee of definite company-member having a right of access to certain application connected with definite data source.
To connect if necessary to FTP site using RSA token as a generator of passwords.
It is necessary to note that browsing, selection and order of data from storage system can be carried out only by those users who are entitled with such right. Control of granting rights is a key peculiarity of PetroBank system. Each data element has a set of permits specifying exactly the users having the right for information browsing.
Security system also includes control of access to storage system and physical security of operational centre.
Control of access to storage system
Computer system is divided into main zones/domains of security with the help of two redundant devices of network protection (internal and external):
Zone of Internet/general use
Zone of Internet/general use is located in local network and it provides secure access to data store, working areas of users and interface applications PetroBank and Power Explorer.
Demilitarized zone (DMZ)
DMZ – is small “neutral” network between zone of secure private (Backnet) network and external Internet/general network of using. DMZ of NDB disposes servers and mechanisms of access to application and data and provides transfer of all types of data from secure private zone to users.
Zone of secure network (Backnet zone)
All data, servers, controllers of domains and authentication servers are located in this secure production network. Only administrative traffic is admitted in Backnet network, for example, domain identification or requests for data acquisition.
Security of physical data/infrastructure
Consists of:
Control systems of access to premises
Video surveillance systems with constant recording.
Smoke detection systems.
Systems of gas fire fighting in the server room.
Uninterruptible power supply
Control systems of air temperature and moisture in the server room.
Primary systems - gas fire fighting, uninterruptible power supply, control of temperature and moisture are duplicated.
Backup and recovery after accidents
Methods of data backup are a centre of secure work of Petrobank. All data of clients are regularly reserved according to predetermined schedule. Management of backup frequency, quantity of standby versions liable to storage, type of backup, etc. is carried out by means of the program Tivoli Storage Manager (TSM).