In This Section

• Common Oversights
• IM Security
• Evaluating Security
• VIA3 Security Story
• Security Credentials
• White Papers

VIA3 Security Story

VIA3® was built from the ground up to offer complete security and privacy for business professionals who need to rely on the Internet for business-critical communications. The goal was to create a system so secure that even a hacker with access to the source code could not compromise customer data.

As further testament to VIACK's commitment to absolute security and protection of information, the VIA3 cryptographic module has been certified to meet Federal Information Processing Standards (FIPS) 140-2 Level 1, a government standard for cryptographic module security requirements as defined by the National Institute of Standards and Technology.

• Secure Connections
• End-to-End Protection
• Public Key Encryption
• Lock-tight Password Protection
• Private Access Control Lists
• Encrypted File Storage
• Secure Communications
• About Virus Protection
• Physical Security

Secure Connections

VIACK® takes security seriously. First, all data (video, audio, files, instant messaging traffic, collaborative sessions, etc.) is encrypted and remains in that state until received by the intended recipient. Second, the VIA3 system does not store the keys necessary to decrypt this data on its servers. Finally, every transaction that is initiated by a user is verified on the server for proper rights before it is executed.

VIA3 uses a SSL/TLS Cipher Suite consisting of a key exchange method (RSA), a data encryption algorithm (AES), and a hash algorithm (SHA-1). These encryption components provide a secure corridor for data to travel during its transmission over the Internet and are used to protect client presence information, meeting invitations, instant message data, files and audio/video feeds.

End-to-End Protection

VIA3 provides end-to-end protection of all files, data, audio and video using AES encryption. In fact, VIA3 data is never stored in an unencrypted form at any time.

Public Key Encryption

Each VIA3 user is given a unique public-private key pair that is used by the VIA3 system to protect and share sensitive data. Data can be encrypted using one part of the key pair, and can only be decrypted using the other part of the key pair. The key pair used for encryption cannot be used for decryption and vice versa. The keys are an automated way to verify that the user is the intended recipient, with the public portion of a user's key being available to all, while the private half of the user's key is protected cryptographically and is only available to that particular user.

Lock-tight Password Protection

Passwords are a vital component of the VIA3 security architecture. VIA3 provides a secure, certificate-based authentication exchange that does not send any plain text across the Internet. When a user enters a username and password to log on to the VIA3 system, the user's encrypted private key is downloaded to their machine where it is then decrypted. Each subsequent connection to a VIA3 server is authenticated using a challenge-response exchange. The VIACK servers do not keep a copy of any user's password.

Private Access Control Lists

The VIA3 workspace feature provides users with a secure place to share files with other VIA3 users. Users decide which files to share in each workspace and who will have access to them. Security for workspaces and files is controlled by Access Control Lists (ACLs). These lists indicate who has permission to access workspaces and files, and the type of operations that can be performed. ACLs may only be changed by the owner of the workspace or file.

Encrypted File Storage

Storing a file on the VIA3 system for sharing with other VIA3 users initiates a multi-step process. First, a cryptographically secure random number is generated and used as the key to encrypt the file (using AES as the encryption algorithm). Next, the encrypted file is copied from the user's computer to the VIACK servers. When another VIA3 user is given permission to access the file, the key used to encrypt the file is encrypted using their public key and the encrypted copy of their key is then transferred to the VIACK server and associated with that particular file.

Secure Communications

Data is encrypted on the user's machine and only becomes decrypted at the final destination. Files, video, audio and instant messaging sessions are not vulnerable to attacks on the network or the VIACK servers or data storage facility. Only the user has the ability to grant access to others in order to view data, whether it is a file, audio stream or meeting invitation. Not even VIACK has access to this information.

About Virus Protection

Ensuring information is secure is an important step to preserving the quality of data. Protecting the data from viruses is equally important. As all files and connections for the VIACK server are encrypted, it is not possible for VIACK to scan for viruses. It is the VIA3 user's responsibility to practice proper anti-virus techniques with shared files to protect their systems. By using VIA3 and safeguarding against viruses, users can maximize the safety of their organization's information.

Physical Security

VIACK's hosted systems are located in a locked cage within a secure, state of the art data center. Access to the data center is strictly controlled, with a limited number of people having the ability to gain access to the floor where the servers are located.

With VIA3 as a managed service, multiple servers are provided (at least two servers for each VIA3 function), with automatic load balancing and fail-over redundancy. Additionally, servers can be added without interruption of VIA3.

Related Links
VIA3 Security FAQ (PDF)
Learn about all VIA3 features
Take a tour of VIA3