The MyConnection Server (MCS) security model is designed to eliminate the need for commercial web service assets like Apache or IIS, leveraging a whitelist-only approval process to mitigate threats. This approach, akin to a Web Application Firewall (WAF), ensures MCS can reject and audit any ingress requests that do not align with whitelist policy rules. The WAF framework enables MCS to adapt to new threats, such as injection attacks and other vulnerabilities identified by OWASP and similar security organizations. Additionally, the MCS architecture includes an extensible Access Control List (ACL) policy engine, allowing administrators to customize security measures, such as restricting access to administrative functions by IP address or subnet.
Well-established threats, including Cross-Site Scripting (XSS), Cross-Site Request Forgery, and Code Injection, are integrated into the MCS WAF engine by design, ensuring that security rules remain uncompromised regardless of browser versions or custom-built hacker applications. For instance, the MCS WAF can prevent exploits like recursive file syntax (../../), a tactic used to access sensitive OS files. The WAF is also extensible, allowing MCS to quickly adapt to emerging threats.
The NCS (Network Connection Satellite) framework extends the MCS security model to large enterprise global networks and cloud services. Designed as a 'thin' application, NCS provides secure points-of-presence (PoPs) for connection testing in both public and private environments, eliminating operating system and data asset threats. The ACS satellite, a custom hardware solution, and the NQC Satellite, a software-based solution, both implement this secure, lightweight architecture. The ACS offers a portable, rack-mountable platform for low to high-bandwidth scenarios, while the NQC Satellite provides a cost-effective solution for virtual machine platforms like Azure and AWS. Both solutions extend MCS testing services across global networks and cloud-based environments, maintaining the same integrated web architecture benefits inherent to MCS.
For further details, refer to the ACS documentation.
The MCS approach to sensitive data protection is straightforward: don't collect sensitive data. For example, in compliance with PCI standards, Visualware's eCommerce platform, which processes MCS services, does not retain any persistent credit card data. This exclusion is integral to the MCS security framework, which includes extensive penetration testing for all Release Candidate (RC) and General Availability (GA) test cycles.
For more information, see Risk Mitigation Procedures (includes Penetration and Conformance Testing).
MCS delivers an integrated web and data services architecture that supports browser access anywhere while mitigating threats associated with server scripting, binary execution, fraudulent URLs, and other OS threats. This design prevents penetration attacks common to commercial web-server applications, ensuring a secure web framework.
The MCS Satellite architecture offers a cost-effective and secure solution, with both hardware and software implementations designed to operate independently of commercial operating systems. By eliminating the OS layer, these satellites minimize the risks associated with file systems, executable binaries, and other OS assets, creating a secure, solid-state platform. This architecture is suitable for both client and data-center deployments, delivering highly accurate connection measurements with minimal overhead and low operational costs.
MCS software satellites, like the Access Series hardware satellites, implement MCS web testing services on commercial OS platforms with a minimal footprint for both server and client roles. These satellites restrict access to the file system and OS data assets, offering an integrated access-anywhere solution suitable for VM environments and global networks. The satellite security architecture eliminates viral data threats through file penetration, operating without the need for an underlying file system. However, while this approach mitigates file penetration risks, independent OS penetration threats may still persist on the commercial platform where the MCS satellite resides.