Vega Solutions

Security features

Security is built into the core of our software to protect your clients and your data. We regularly pass penetration tests with top marks.

The way Sirius is built makes it highly resistant to hacking attacks. Sirius is regularly penetration tested by “ethical hackers” to ensure security. What are these attacks and how does Sirius defend against them?

Brute force password attack

This is where a hacker simply tries millions of usernames and passwords. It was reported that this is how iCloud was compromised and images of celebrities stolen. Sirius defends against this by locking out any account that has a small number of failed login attempts in a row. An administrative user can later re-enable the account.

Key Logging or Network Traffic Interception (Man in the Middle)

This is where a hacker installs software on a user’s PC to record keystrokes, or views the data transmitted between the user’s browser and the online server by monitoring the traffic. In both cases the hacker can look through the recorded text to find a regularly repeated string of characters. This could be a username and the current password. Sirius uses the concept of a Memorable Word. The user is asked for two or three characters from the Memorable Word. The whole word is never typed in. This makes determining the Memorable Word much more difficult.

Another way Sirius defends against Man in the Middle attacks is through the use of One Time Passwords. Every time Sirius exchanges data between the user’s browser and the online server, it sends out a unique One Time Password (OTP). It looks like this:

72ABC0BD-253B-4F38-BAB9-7745D4E65E12

When the browser sends back the next request, it sends the OTP with it. Sirius then checks that the OTP is the same. If not, the user is logged out immediately. This makes it very, very hard to hijack a user’s session.
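
The per-request OTP check described above, as an added Python sketch (not Sirius code). The class name, method names and session ids are hypothetical; the token is an upper-case GUID to match the format shown on this page.

```python
import secrets
import uuid


class RotatingTokenSessions:
    """One live token per session, replaced on every response."""

    def __init__(self):
        self._expected = {}  # session_id -> token the next request must carry

    def login(self, session_id):
        return self._issue(session_id)

    def _issue(self, session_id):
        # uuid4 is built from os.urandom in CPython; upper-cased like the page's sample
        token = str(uuid.uuid4()).upper()
        self._expected[session_id] = token
        return token

    def handle_request(self, session_id, presented_token):
        """Return the next token on success, or None after ending the session."""
        expected = self._expected.get(session_id)
        if expected is None:
            return None  # unknown or already logged-out session
        if not secrets.compare_digest(expected.encode(), presented_token.encode()):
            del self._expected[session_id]  # mismatch: log the user out immediately
            return None
        return self._issue(session_id)  # rotate: the previous token is now useless


def demo():
    store = RotatingTokenSessions()
    t1 = store.login("sess-1")                   # constructed session id
    t2 = store.handle_request("sess-1", t1)      # browser echoes t1, receives t2
    replay = store.handle_request("sess-1", t1)  # stale token presented again
    after = store.handle_request("sess-1", t2)   # session was ended by the mismatch
    return t1, t2, replay, after
```

Strict rotation like this assumes one request at a time per session; two parallel requests from the same browser would carry the same token and the second would end the session.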

SQL Injection

This is being reported as the attack used to steal information from TalkTalk. It consists of a hacker manipulating the user interface to add their own database queries to the ones being legitimately used by the application.

Sirius defends against SQL Injection attacks in a number of ways:

  • Sirius avoids dynamic SQL strings, so there’s never any possibility of a database query being amended.
  • Sirius exclusively uses Stored Procedures to query the database.
  • User inputs are scanned for SQL scripting commands.
  • The Windows Domain account that queries the SQL database has the lowest possible access privileges. The user account only has rights to execute the Stored Procedures it needs – access to other database structures is disallowed.

The above denies attackers the ability to steal data online even if they have managed to obtain user credentials.
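
Why avoiding dynamic SQL strings matters, as an added Python example (not Sirius code). It uses an in-memory SQLite database with constructed rows; SQLite has no stored procedures, so the bound-parameter query stands in for a stored procedure call, and the table and function names are hypothetical.

```python
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250)])  # constructed rows
    return db


def balances_dynamic(db, owner):
    # Weak form: the user's input becomes part of the SQL text itself,
    # so quote characters in it can change the meaning of the statement.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def balances_bound(db, owner):
    # Fixed statement text; the input travels separately as a bound value
    # and is only ever compared against the owner column.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def compare(owner_input):
    """Row counts returned by each form for the same input."""
    db = make_db()
    return len(balances_dynamic(db, owner_input)), len(balances_bound(db, owner_input))
```

For the constructed input `alice' OR '1'='1`, the dynamic form returns every row in the table while the bound form returns none, because no owner has that literal name.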

URL Manipulation

This is where a hacker who has legitimate credentials to log on to the system changes parameter values in the browser’s URL string in an attempt to access information not properly available to them. Sirius defends against this through user session validation. When a user logs on, a Session is established that is unique to them and to that instance of them logging on. Each time the user requests information, the user’s Session is checked for validity and their application rights are determined. In this way Sirius-based applications can ensure only data a user has rights to is displayed to them.
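
The per-request session and rights check described above, as an added Python sketch (not Sirius code). The user ids, account ids, status codes and function names are all constructed for illustration.

```python
import secrets

SESSIONS = {}  # session token -> user id, created at logon
RIGHTS = {"u-alice": {"ACC-1001"}, "u-bob": {"ACC-2002"}}  # constructed rights
STATEMENTS = {"ACC-1001": "alice statement", "ACC-2002": "bob statement"}


def log_on(user_id):
    # A fresh random token per logon: the session is unique to the user
    # and to this particular instance of them logging on.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def log_off(token):
    SESSIONS.pop(token, None)


def get_statement(session_token, account_id):
    """Return (status, body); account_id is the value taken from the URL."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        return 401, None  # no valid session: nothing else is evaluated
    # Rights come from the server-side session, never from the URL itself.
    if account_id not in RIGHTS.get(user_id, set()):
        return 403, None  # same answer whether or not the account exists
    return 200, STATEMENTS[account_id]
```

Changing the account id in the URL only changes what is asked for; the decision is made from the rights tied to the server-side session on every request.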

© 2020 Vega Solutions | Terms of Use and Privacy Policy & Cookies.
