Security Layers
Layered Security Architecture
Hitachi ID Management Suite® is designed to be secure. It is protected using a multi-layered security architecture, which includes running on a hardened OS, using file system ACLs, providing strong application-level user authentication, filtering user inputs, encrypting sensitive data, enforcing application-level ACLs, storing log data indefinitely and more.
Hitachi ID Management Suite never requires plaintext passwords to be stored in configuration files or scripts and does not store plaintext passwords anywhere. Hitachi ID Management Suite does not ship with a default administrator password -- one must be typed in at installation time.
These security measures are illustrated in the figure below.
Figure: Network architecture security diagram (1)
User Interface Input Protection
The CGI programs (which are responsible for all Hitachi ID Management Suite user interfaces) use a special string library to validate all input before processing. Validation includes checking variable length, filtering out special characters, HTML codes and SQL codes, checking for valid formatting and value ranges, etc.
Use of a standard approach to filtering all inputs prevents buffer overrun, cross-site scripting and similar attacks.
Managing Web UI Session State
Hitachi ID Management Suite user interfaces all authenticate users with a password or other credential at initial access. Once authenticated, users are assigned a session ID, which is globally unique within the context of that Hitachi ID Management Suite server, by virtue of containing a date and a sequence number (record number in a session table).
All state information associated with the user's login session -- for example the user's login ID and name, ACLs, web user interface navigation history, request form details and more -- is tracked on the Hitachi ID Management Suite server, keyed to the session ID.
Each HTML page in the Hitachi ID Management Suite user interface contains a hidden tag, with a session key. The session key is a sequence of 16 randomly generated bytes and is newly and randomly generated for each and every displayed web page. Session keys are also stored on the Hitachi ID Management Suite server and mapped to session IDs. Keys are valid for a single use and for a limited time. IDs are valid until cleared.
Hitachi ID Management Suite validates that user input came from an active, current session by looking up the session key submitted with the input form, finding the corresponding session ID and confirming that a timeout has not occurred. Session keys may not be reused, so session playback, or even use of the browser "Back" button, is prohibited.
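The per-page session key scheme described above can be modeled as follows. This is an added example, not Hitachi ID code; the class and method names, the 300-second key lifetime and the exact session ID format are assumptions.

```python
import secrets
import time

KEY_BYTES = 16          # the page states 16 randomly generated bytes
KEY_TTL_SECONDS = 300   # assumed value; the page only says "a limited time"


class SessionStore:
    """Server-side session table with single-use, per-page session keys."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._next_seq = 1
        self._sessions = {}   # session ID -> server-side state
        self._keys = {}       # session key -> (session ID, expiry time)

    def login(self, user, date=None):
        # Session ID = date + sequence number (format is an assumption).
        date = date or time.strftime("%Y%m%d")
        sid = f"{date}-{self._next_seq:08d}"
        self._next_seq += 1
        self._sessions[sid] = {"user": user}
        return sid

    def issue_page_key(self, sid):
        """Create the fresh key embedded in the hidden field of one page."""
        if sid not in self._sessions:
            raise KeyError("unknown session")
        key = secrets.token_hex(KEY_BYTES)   # CSPRNG, 16 bytes as hex
        self._keys[key] = (sid, self._clock() + KEY_TTL_SECONDS)
        return key

    def redeem(self, key):
        """Return the session ID for a submitted key, or None if rejected."""
        entry = self._keys.pop(key, None)    # pop: the key is consumed here
        if entry is None:
            return None    # unknown key, replay, or resubmit via "Back"
        sid, expires = entry
        if self._clock() > expires or sid not in self._sessions:
            return None    # key timed out, or session ID was cleared
        return sid

    def logout(self, sid):
        """Clear the session ID; outstanding keys for it stop working."""
        self._sessions.pop(sid, None)
```

Because `redeem` removes the key before checking anything else, a replayed or expired submission can never be retried with the same key.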



