Dossier Security Tech Brief
Briefing to understand security implemented while collecting and processing performance metrics
The integrity of the Dossier collector, security of the End User environment, and protection of End User data are issues of paramount
concern in all elements of design of the Live Optics application. Security overrides all other concerns. As an example, many frequently
requested usability features have been rejected, as such features would compromise our strict security requirements.
Live Optics security areas can be divided into the following categories:
- Collector Integrity
- Collector Information-Gathering Protocols
- Dossier file security
- Live Optics Web Application Security
Security begins with the Dossier collector. This section covers security issues pertaining
directly to the Dossier collector.
Collector Integrity
The Dossier collector is a Microsoft® .NET executable for the Microsoft® Windows platform. This executable runs in End User environments.
Guaranteeing the integrity of this collector is of critical concern.
The Dossier collector download occurs from a login-protected, HTTPS (SSL) download link. By downloading the collectors directly,
users know they are getting the collector directly from Dell. The collector is digitally signed by Dell using the Microsoft® Authenticode
signature protocol.
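One way to check the Authenticode signature described above before running a downloaded collector, as an added example that is not Dell's code. The function name, the file path in the usage comment and the publisher pattern are assumptions; the brief does not give the exact signer subject.

```powershell
# Added example: verify an Authenticode-signed download before executing it.
function Test-CollectorSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed pattern. Confirm the real subject against a known-good copy,
        # or pin the signer certificate thumbprint instead.
        [string] $ExpectedPublisher = '*O=Dell*'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $failures = @()
    $warnings = @()

    # 'Valid' means the file hash matches the signature and the chain is trusted.
    # Anything else (NotSigned, HashMismatch, NotTrusted, ...) is a failure.
    if ($sig.Status -ne 'Valid') {
        $failures += "Status is $($sig.Status): $($sig.StatusMessage)"
    }

    # A valid signature from an unexpected publisher is still the wrong file.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($subject -notlike $ExpectedPublisher) {
        $failures += "Unexpected signer subject: '$subject'"
    }

    # Without a timestamp countersignature the signature stops validating
    # once the signing certificate expires.
    if (-not $sig.TimeStamperCertificate) {
        $warnings += 'No timestamp countersignature present'
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($failures.Count -eq 0)
        Signer   = $subject
        Failures = $failures
        Warnings = $warnings
    }
}

# Usage (placeholder path):
# Test-CollectorSignature -Path 'C:\Downloads\collector.exe' | Format-List
```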
The Dossier collector gathers some basic information about the host server where it executes, such as the operating system version,
hostname, and domain. The primary activity of a Dossier scan involves walking the file system. Dossier opens files and examines their
metadata (last accessed, last written, created date, etc.). Dossier also stores and tracks the most commonly encountered file system
extensions. Actual file names are not recorded, and only the root path of each file system to be scanned is recorded. Individual sub
directory names are not recorded.
Optionally, in some cases Dossier reads small portions of a small sampling of files to test the compressibility and de-dup potential of a
file. This data is read and run through either the compression or the de-dup algorithms built into the collector. No portion of the file
data or even any derivation of the file data (such as a secure hash) is ever recorded in the resulting Dossier data file.
Dossier files are encrypted with 2048-bit RSA and 256-bit AES keys. The private keys are secured within the Dell datacenter. The public keys
are embedded into the collector.
The Live Optics web application was designed following the strict Dell guidelines and has been scrutinized by both the internal Dell Security
Team as well as outside security experts.
Access to the site is via the secure and encrypted HTTPS framework. Latest security patches are routinely applied to all Dell servers.
While we do not disclose the design of our environment, the Live Optics datacenter consists of multiple layers of firewalled servers and
communication frameworks. Data is securely stored behind numerous firewalled networks.
Dell Security policy prevents us from listing the exact methods we use to secure the site, but we can disclose that the Dell Security team
routinely runs numerous leading 3rd party security applications that scan both the site and source code for vulnerabilities.
• Hostname
• Number of files