Innovators for Industry and Institution Software
8-05-2007
III Software has recently made two enhancements to the security of our site.
Unsecured Access
Unsecured access to our applications has been terminated.
Effective immediately, our applications are available only via secure (https) pages.
Even when requested via an unsecured link, the server will rewrite the link to https,
in effect forcing the browser to use secure pages.
Prior to this change, we enforced the secure-only policy on financial transactions only. While we have always presented links to our applications as https, we had permitted a user to manually link to the application via unsecured http. This enabled people with low-security browsers to continue to access our services.
Our intent is to provide the same high-level of security to all of the information we present. With the increased awareness of privacy and the ever present threat of identity theft, we felt this increased security measure was was essential.
Proxied Web Services
Our Internet-facing web servers no longer contain any of our hosted applications or data.
Instead, they contain only our new application proxy software. This software interprets requests from the Internet,
inspects them to ensure they contain properly formatted messages, and passes them across our internal firewall
to our application server.
Acting very similar to our border firewalls, our proxy software acts as an application firewall. Where our border firewall prevents unwanted or malicious traffic from the Internet, our application firewall prevents unwanted or malicious requests being sent to our applications.
All data containing any personal information (almost all of the data we host) that is accessible from the Internet using our applications is still stored using very strong encryption. That will not change.
The only difference is where your information is stored. Adding another security layer substantially increases the protection of your data.
Unless you have some background in security, this is a difficult subject to digest. This Wikipedia article may help you understand the importance and operation of an application firewall.