Responder - BSI Data Center

BSI Data Center

This guide provides an overview of the BSI (Bank Secrecy Information) Data Center, which houses bankVOD's secure infrastructure. Understanding the security measures and compliance certifications helps ensure your institution's data is protected at the highest level.

Accessing BSI Data Center Information

From the Control Panel, click BSI Data Center under the Manage Account section. This will display information about bankVOD's secure data center facility and compliance certifications.

BSI Data Center Overview

The BSI Data Center is located at 350 East Cermak, Chicago, IL and is designated as Privileged & Confidential. This facility serves as the premiere mission-critical datacenter in the Midwest.

Facility Infrastructure

The data center features industrial-strength infrastructure:

Four fiber vaults for redundant connectivity
Three electric power feeds providing more than 100 megawatts of power
Second-largest power customer for Commonwealth Edison (trailing only Chicago's O'Hare Airport)
More than 50 generators throughout the building
Multiple 30,000-gallon tanks of diesel fuel for grid power support

Security Certifications and Compliance

SSAE16 Certification

The BSI Data Center maintains SSAE16 Type I & II Certification, demonstrating compliance with rigorous auditing standards:

View Type I report – Access the SSAE16 Type I certification documentation
View Type II report – Access the SSAE16 Type II certification documentation

PCI Compliance

The data center maintains PCI (Payment Card Industry) compliance with SecurityMetrics certification:

View certificate – Access the PCI compliance certificate
View ASV Scan Report Executive Summary – Review vulnerability scanning reports

System Architecture

Network Topology

The BSI Data Center utilizes a Screened Subnet Topology, which is the most secure (and most expensive) network design option. In this configuration, the DMZ (Demilitarized Zone) is placed between two firewalls for maximum protection.

DMZ (Demilitarized Zone)

The DMZ contains:

SonicWall VPN Firewall – Provides secure virtual private network connectivity
IIS Web Server – Hosts web applications and services

Internal Network

The internal network is completely isolated and includes:

SonicWall VPN Firewall – Additional firewall protection for internal resources
Microsoft SQL Server – Secure database server for data storage
Data Storage – Protected storage infrastructure
No external IPs – The internal network cannot be accessed from outside the network

Security Measures and Features

Encryption and Data Protection

Force encryption to the SQL Server – All connections between the Web Server and SQL Server are encrypted
Extended Validation SSL – VeriSign Extended Validation SSL certificates provide:
- Green address bar in high security browsers
- Up to 256-bit encryption with 40-bit minimum
- VeriSign Trust™ Seal with VeriSign Seal-in-Search™ for maximum click-through and conversions
- Daily website malware scanning

Steganography Detection

StegAlyzerRTS Steganography Detection protects against hidden data threats:

Detect fingerprints of over 1,000 steganography applications
Detect signatures of over 55 steganography applications
Send real-time alerts to network security administrators
Retain copies of suspect files for further analysis
Totally transparent to insiders

Anti-Virus Protection

Host-based Anti-Virus: Symantec Endpoint Protection

Host Intrusion Prevention Software (HIPS)
Host Intrusion Detection Software (HIDS)
Disable USB port on all hosts

Log Management

Logs management: Tripwire Log Center

Log and Event management for security and compliance
Monitor drive space from a centralized location

Password Policies

Comprehensive password security features include:

Password length must be at least 7 characters long
Must contain at least one number and at least one letter
Cannot be the same as the login ID
Account lockout after 5 failed attempts
Block concurrent user connections (users cannot login from different locations simultaneously)
After 3 months of account inactivity, user needs to verify account
Locks end users out after 15 minutes of inactivity
New accounts require end user activation by validating email address and entering temporary login credentials
bankVOD Administrator can limit access by specifying an IP Address Range
Account creation can be restricted by Company Name, Valid Company Email Address, and IP Address
Logon/warning message displayed during initial logon process

Additional Security Features

Source code analysis – All code is analyzed using WebInspect before uploading to production
Document deletion – Uploaded documents are deleted from the server once successfully delivered. All processed verification requests are delivered directly to the requestor
Web application firewall – Protection against common web-based attacks

BSI Policy Overview

BSI maintains comprehensive policies and procedures in adherence to the information security domains of ISO/IEC 27001 and ISO/IEC 27002 frameworks. Policies are reviewed on an annual basis and include:

Service Level Agreement
bankVOD Terms & Conditions
Capacity Management
Change Management
Cryptographic Policy & Procedures
Password Policy
Incident Management Policy
Information Security Policy
Media Retention and Destruction Policy & Procedures
3rd Party Vendor Management
BSI User Access Management Policy
BSI Server Harding Policy
Privacy Policy
Business Continuity Policy
Confidentiality Agreement
Employee Code of Conduct
Firewall Policy/Management
Logging & Monitoring Policy
Non-Disclosure Agreement
Network Intrusion Policy
Network Security
Pre-Employment Screening Policy
System Development Lifecycle

Downloading BSI Policies

To access comprehensive policy documentation, click Download BSI Policies (pdf) at the bottom of the page. This PDF contains detailed information about all BSI security policies and procedures.

How can we help?

User Guides Menu