eLink Servers support a range of security models and techniques, depending on your requirements, desired level of security and budget. Your needs for internet-connected servers are probably higher than for internal secure networks.
Authentication is about proving you are who you say you are, while authorisation is about verifying you are permitted to access the resource/data you are requesting. While the two are often mixed in common use, they are separated here because different techniques are used for each.
Options to prove who you are (Authentication)
No Security | You may explicitly enable some endpoints to have zero security |
Username/Password | |
Stored Token/Password | |
Options to secure messages in transit
SSL | Commonly available encryption of messages between browsers and web servers. SSL does not prove you are you (without client certificates, which we do not currently use) so cannot be used as an authentication method |
OTP | One Time Pad encryption. Advanced usage only due to key management issues for most clients |
AES-256 | |
Additional measures taken by server
Geo Checking | The server may check your requests to verify the geographical location you are currently in. This is not considered a very secure check but does offer some level of protection. |
Fingerprinting | The server may use fingerprinting techniques to gain more reliability that you are who you say you are. |
Usage Tracking | We may build a profile of your typical use and verify requested access against this. For example, if you typically only view reports or edit products, but suddenly start altering credit limits for accounts, this may trigger a usage tracking event. |
Data Sharding | In high security environments, your data may be separated over multiple servers in a fashion similar to RAID-5 disk technology. This sharding is done at a bit/byte level, so that no single server has full details of anything. This results in slower client use (as the client needs to communicate with multiple servers to fetch a record), but means that compromise of a single server yields little information. |
Velocity Controls | You may be able to configure velocity controls to restrict the flow of data to clients in some cases. For example, the option to retrieve a complete sale is available, but clients would rarely request ALL details on ALL sales, even requesting one at a time, so you may choose to start slowing data flow down in this case. A velocity control can help limit the amount of data loss should a security incident occur. |
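The following sketch shows one way a velocity control of the kind described above could behave: a per-client sliding window that adds a growing delay once a client fetches more records than an allowance, rather than blocking it outright. It is an added example, not eLink code; the class, function names, window size, allowance and delay values are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class VelocityControl:
    """Sliding-window throttle: slows a client down instead of blocking it."""

    def __init__(self, window_s=60.0, free_records=20,
                 step_delay_s=0.25, max_delay_s=30.0):
        # All four values are illustrative defaults, not eLink settings.
        self.window_s = window_s
        self.free_records = free_records
        self.step_delay_s = step_delay_s
        self.max_delay_s = max_delay_s
        self._seen = defaultdict(deque)  # client id -> recent fetch times

    def delay_for(self, client_id, now):
        """Record one fetch at `now`; return seconds to wait before replying."""
        recent = self._seen[client_id]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()  # forget fetches that have left the window
        recent.append(now)
        excess = len(recent) - self.free_records
        if excess <= 0:
            return 0.0
        # Each fetch over the allowance costs more than the one before it.
        return min(excess * self.step_delay_s, self.max_delay_s)


def simulate(control, client_id, n_requests, think_time_s):
    """Client fetches records one at a time; return (total_delay, finish_time)."""
    now = total = 0.0
    for _ in range(n_requests):
        delay = control.delay_for(client_id, now)
        total += delay
        now += delay + think_time_s
    return total, now


if __name__ == "__main__":
    vc = VelocityControl()
    # Constructed traffic: a clerk viewing 10 sales, then a client pulling
    # 40 sales back to back, one request at a time.
    print("clerk:", simulate(vc, "clerk", 10, 5.0))
    print("bulk :", simulate(vc, "bulk", 40, 0.0))
```

Keying the window on the authenticated account rather than the source address keeps the control effective when requests arrive from several addresses.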
Note: all the security options and tracking/monitoring techniques are ONLY used to verify your identity and secure your data. You may deselect these options for your account, but they are designed to provide additional security. We do not share this information with anybody.