| Panel | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
ON THIS PAGE
|
For a cloud-based content management and distribution network, database security and server reliability are of the highest priority. The BrightSign Network (BSN) BSN.cloud has been built with these principles in mind. This section provides a general overview of security and recovery architecture for BSN.cloud. Note that some specific information may be withheld for security purposes.
Physical Security
All BSN.cloud servers are hosted using Amazon Web Services (AWS). Amazon strictly controls physical access to its platform infrastructure using military-grade perimeter control, as well as state-of-the art surveillance and intrusion-detection systems.
...
All communication with BSN.cloud is mediated by two pairs of gateway servers. All calls to BSN domains are directed to these gateways. Each gateway communicates with a specific set of BSN nodes, and each pair of gateways is assigned traffic from a geographically distinct part of the globe.Amazon Route 53.
Nodes located within the security group (i.e. behind the gateways) can communicate directly with each other because they have a list of internal IP addresses; however, these addresses are not communicated outside of the security group.
...
You can use the Web Inspector to debug webpages on the BrightSign Chromium instance (see the HTML Best Practices page for more details). This tool does not require authentication, so any party on the network can access and alter content on the BrightSign player; therefore, the Web Inspector should be disabled in production environments.
Linux Security
Though the BrightSign application runs on a Linux stack, it is unlikely that conventional Linux malware will be able to infect BrightSign players. A BrightSign player will only execute a firmware image that has been cryptographically signed by BrightSign. Also, during normal operation, the filesystem used on the player is read-only.
...