Data encryption

Data stored on Fudo One is encrypted with AES-XTS algorithm using 256 bit encryption keys. AES-XTS algorithm is most effective hard drive encryption solution.

Sensitive data, such as passwords, keys, logins, etc. are encrypted in the internal database itself. The encryption key, called Master Key, is a random 256-bit key which is used to derive further keys used to encrypt each section of database, such as Configuration information (User data, Accounts, Safes, etc.), Database Backup and External Storage. Furthermore, Fudo makes use of HMACs to “seal” the encrypted data. Master Key can be exported by superadministrator but only when prior to MK export Fudo is provided a key to encrypt the Master Key itself.

Master Key export procedure allows superadministrator to create a backup of the Master Key, without which data in the database as well as backups and external filesystems cannot be used.

Backups

User sessions data can be backed up on external servers running rsync service. Refer to the Backups and retention topic for more information.

Permissions

Each data model entity, has a list of users defined, who are allowed to manage given object, according to assigned user role. For more information on user roles refer to Roles topic.

Sandboxing

Fudo One takes advantage of CAPSICUM sandboxing mechanism, which separates each connection on Fudo One operating system level. Precise control over assigned system resources and limiting access to information on the operating system itself, increase security and greatly influence system’s stability and availability.

Reliability

System hardware configuration is optimized to deliver high performance and high availability.