The secure network of eXpress badging®.

Understanding the cybersecurity infrastructure behind a company's information systems is the first gateway to customer approval and confidence.

[Figure: eXpress badging behind-the-firewall network diagram]


Network Outline 

The diagram above shows the eXpress badging network, with color mapping covering:
  • Veonics® Portal Secured File Transfer 
    • Hosting
    • File Exchange
    • Veonics Credential Database Integration
  • The eXpress badging Secured Network
  • Customer’s Network
  • Secured File Transfer Resources
  • Unsecured File Transfer Resources

    The eXpress badging Network

    • Firewall Appliance
    • WiFi Appliance
    • Modem and Router Appliances
    • Full Metal (local) Backup Appliance
    • Redundant Cloud Backup Service
    • Network Switch Appliances
    • Physical Server - (Encrypted at Rest)
      • Hyper-V configured
      • Stores all business applications and files
      • Endpoint Antivirus Protect
    • Network Segmented PC - (Encrypted at Rest)
      • On its own Segmented Network
      • Protected PII-related data/photos are stored locally behind eXpress badging’s firewall
      • Primary use is off-Portal data and photo (PII) management
      • User access is restricted to only those with internal clearance and active login credentials
      • PC secured with encryption at rest and USB Port Monitoring
      • Network-enabled during import/export of files, or if/when internet access is required
      • Endpoint Antivirus Protect

    Networked PCs – (Encrypted at Rest)

    • User access restricted to only those with internal clearance and active login credentials
    • Stores all user applications
      • Various ID Management Software
      • CRM (HubSpot Hosted)
      • Accounting
      • Web-Browsers 
      • Antivirus Protect
      • MS Office
      • Outlook Exchange 
        • Desktop installed Outlook
        • Email encryption is not enabled
        • All data that requires encryption protection must be provided via our secure data/exchange resource: ShareFile File Drop URL
          • Or uploaded directly to our Veonics Portal
          • No local storage of business/customer files is permitted on any local or remote PC/laptop

    Mobile Platform

    • Mobile Phone – (Unencrypted at Rest)
      • All company-provided phones are iPhones with biometric access
      • Phone and Email use only
      • Provided to Corporate Officers only
    • Laptop – (Encrypted at Rest)
      • Used for remote access to a network for mobile access/work
      • Uses secure VPN protocols
      • No files are stored locally
    • Office 365 (Encrypted at Rest)
      • With Office 365, data is encrypted at rest and in transit, using several strong encryption protocols and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).
      • All email is managed by Office 365
      • We do not enable multifactor email access
      • Secured via Transport Layer Security (TLS) 
        • TLS version 1.2 (TLS 1.2)
        • Deprecated Protocols
          • 3DES 
          • SSL
          • SHA-1
          • RC4

    Anti-Virus Hardened


    All PCs, laptops, and servers have up-to-date, best-in-class anti-virus software. 

    WiFi Governance


    Employee access is restricted, with separate time-zoned guest access. Our WiFi network is accessible by authorized employees only. All guests must use our guest network, which redirects websites to our agreement per defined legal terms. Guest access is further restricted by bandwidth throttling and time limits, and is available only during office hours.

    User Authentication


    Only employed eXpress badging personnel are granted network authentication credentials. Auto log-off is strictly enforced after 5 minutes of non-use. Domain credentials are terminated immediately upon employee termination or reassignment. eXpress badging employee computer and network access is managed through Microsoft Windows Active Directory using assigned username and password authentication. Passwords are updated quarterly.

    Custom Printed Badge and Account Security

    • eXpress badging only provides or publishes samples of customer badges with written approval.
    • eXpress badging does not disclose our customers as references unless we have written consent from our referring customers.
    • All customer inquiries regarding badge print requests, account information, or other account-sensitive data are securely vetted.
      • If the contact person is not in our CRM as a point of contact, eXpress badging will deny access. We will immediately contact our stated Primary Point of Contact (PPOC) assigned to your account for confirmation.

    GoToAssist/LogMeIn Remote Computer Support

    The customer can disconnect the GoToAssist session at any time. Reentry can only be established by eXpress badging, and only after the customer acknowledges and approves another session. At the beginning of every support session call, the customer user is instructed to close all applications containing information that is not part of the support call. If the customer user leaves the computer unattended at any time, they must inform the eXpress badging technician that they are leaving. If unattended remote access is not allowed, it is up to the customer to inform the eXpress badging technician that the support session needs to be closed until they can return.
    • Requires customer to approve access every time
    • Encrypts session data with end-to-end SSL and 128-bit AES encryption
    • End-to-end authentication is accomplished using the Secure Remote Password (SRP) protocol
    • SRP is resilient against a wide variety of attacks, including both passive eavesdropping and active password cracking

    Internal & External Vulnerability Testing  

    • Digital Defense’s Frontline VM service provides Quarterly Internal On-prem and Veonics Portal threat assessment testing
    • Digital Defense’s Frontline VM service provides Annual External On-prem and Veonics Portal testing