RiskServers SA > Policies > Security

Security Policy

 

RiskServers SA offers multiple levels of security to Customers

Proprietary data is always encrypted with a multiple layer encryption scheme based on SHA1, 246, SHA512, AESl. This encryption scheme provides multiple key-lengths of 256 (fast)  up to 2048 (slow).

The exact encryption scheme and description is provided to customers upon demand.

RiskServers SA employs the following security schemes to protect the integrity of your information:
  • Your System Profile available at http://www.riskservers.com is only accessible with the correct user name and encrypted password.(See Below)
  • Additional Encryption mechanisms are available upon request.
  • An encrypted Digital ID is stored on the registered system and is used to authenticate each transaction between RiskServers or the Risksvr engine and your client system.
  • Any suspect activity triggers automatic tracing and logging.
  • All data transfer between RiskServers and the Risksvr Risk Engine is encrypted and  across private, non-advertised networks.
  • All transactions can be encrypted using a Secure Sockets Layer (SSL) connections.(See Below)

RiskServers takes security of customer information and system security very seriously. Please report any instances of security vulnerability or breach with any RiskServers  product or service.

By default, RiskServers  on non-Unix platforms offers a reasonably secure mechanisms that encrypt your password before it is even sent over the network.

This means that when you sing-in to riskservers.com or risksvr.com with Netscape (c) or Internet Explorer (c) the password is sent encrypted. Anyone monitoring your session(s) would not see the password you have typed in.

Unfortunately, this mechanism does not work on some versions of Netscape that run on Unix/Linux platforms.
Indeed, Netscape on Unix/Linux will send a form as it is typed by the user, even if the field is blanked or overwritten afterwards!

If you are a Unix or Linux user or If you need to ensure much higher security levels to protect  your portfolio or the portfolio of your customers, positions and analysis remain completely confidential we recommend that you use the standalone versions and additional SSL encryption when you use online packages. 

Please bear in mind that the engine might run slower due to the SLL overhead!

You can access the SSL site by clicking on the padlock on the main login form.

Once you have signed in a cookie will be sent to your browser. The cookie contains encrypted information.
For your own personal security, please note that any tampering with the cookie automatically triggers a series of measures in order to trace the illegitimate user.
The same holds true upon failed login sessions.

Note: The site is open to the general public with no access level and user rights by selecting the guest account or typing
username:guest
password:guest. 

For more informaiton, please read the guest account document.

The Selection of the Guest account requires no exchange of private information.