TRX builds its security framework on the features and best practices of our Infrastructure as a Service (IaaS) providers. TRX has partnered with industry-leading IaaS providers to deploy a secure, extremely scalable and highly reliable infrastructure to operate the NEON Cloud. Just as we make a point of implementing strict access control on the NEON system, our IaaS vendors employ strict access controls at every level of our IT infrastructure. This infrastructure evolves to protect customer data from external threats with continuous patches for the latest vulnerabilities the moment they are uncovered. A secured physical location and trusted IT infrastructure from our IaaS vendors dramatically reduce the threat surface of the NEON Cloud, so TRX can focus on securing the data that is important to our customers.
With more than 10 years of experience working with law enforcement and the military, the TRX team understands the unique security needs that come with the sensitive nature of our customers’ work. Floor plans and personnel locations, like all data entrusted to our care, are secured against eavesdropping, tampering, and unauthorized access with up-to-date, industry-proven protocols for encryption and authentication. The NEON Cloud platform and our trusted vendors safeguard this sensitive data at rest and in transit, so your data is always secure.
Some specific security features are highlighted below:
Authentication
Google OAuth 2.0 Support | This integration allows the end user to log in with their existing Google (Gmail/G Suite) credentials. User accounts are secured by all of Google’s standard mechanisms. |
Password Length and Complexity Requirements | This prevents the end user from using poor passwords that can be guessed by an attacker. |
Failed Login Attempt Lockout | This restricts an attacker to a fixed number of attempts per time period, which mitigates online brute-force attacks. |
Web Portal Session Timeout | This prevents the attacker from gaining access to the end user account through access to the end user’s web browser after the session has expired. |
Encryption
HTTPS Only | All data in transit is sent over an encrypted channel. This prevents an attacker from eavesdropping on or modifying data in transit. It further prevents an attacker from impersonating our services. |
256-Bit AES Encryption at Rest | As of 3/14/2018, all floorplans, locations, buildings, and many other types of data are now encrypted at rest. |
RSA 2048 Bit Certificate | NEON services are secured using a certificate from DigiCert. |
TLS 1.2 | We use the most up-to-date versions of Transport Layer Security (TLS). We no longer support TLS 1.1 and TLS 1.0 due to industry-wide planned deprecation. SSL 3.0 is not supported due to known vulnerabilities. |
HTTP Strict Transport Security (HSTS) | This prevents an attacker from attempting to disable encryption of the channel. Our website declares that any well-behaved client must use HTTPS. |
End User Subscription Administration
Controlled Subscription Access | The user administrator can grant or revoke access to subscription data. |
Assign/Revoke Administrator Privileges | The user administrator can assign and revoke administrator privileges of other users. |
Audit Device Usage Records | The user administrator can audit last usage of each device (Android/Command). |
Audit User Login Records | The user administrator can audit last login of each user (Android/Command/Website). |
Data Retention
Test Results
3rd Party Testing Tool | Description | Performance |
Mozilla Observatory (https://observatory.mozilla.org/) | Mozilla Observatory tests a website for adherence to security best practices. | Grade = A+ |
Qualys SSL Labs (https://www.ssllabs.com) | SSL Labs tests a website’s certificate, protocol support, key exchange, and cipher strength. | Grade = A+ |
The TRX team built a technology platform that is focused on making data available only to those who should have access to it, and this work is always being enhanced. But security is multi-faceted by necessity and technology is only one piece of the TRX approach. The continued success of NEON is built upon ongoing, day-to-day operations designed to keep us as many steps ahead of any would-be attackers as possible. This encompasses not just technology reviews and regular security audits, but also our hiring practices, evolving partnerships with cloud infrastructure providers, a comprehensive privacy policy for our support staff, and heavily restricted access to customer data even inside of our organization.
For additional information or details on security capabilities and features implemented in the NEON Personnel Tracker and NEON Signal Mapper solutions, please contact the TRX technical support team at [email protected].