Zero-In Communications Security
Zero-in takes the security of your displays, accounts and media content very seriously. Our managed Content Management system provides encrypted connections, stores your data in a secure cloud platform and protects your account from unauthorized access. With these security measures in place, we give you peace of mind knowing your displays are safe and secure from unlawful tampering.
Zero-In displays are equipped with a device that is used for playback and logging. This device is known as a player. The player resides inside or near the display.
The player is shipped from Zero-In with DHCP enabled and will resolve its own IP address from your router or DHCP server. If you would like to set the display to static, please notify your Zero-In account manager. The display and its player reside inside your local network or on a separate network managed by Zero-In.
The player uses internet- standard security methodologies to connect with the content management servers. This allows the player to securely reach out across your firewalls and routers and ensures your data remains intact. The player connects to Zero-In servers and does not look for any other traffic or IP settings.
The diagram below shows how the player attached to the display connects to the Zero-In content management servers.
Transmitting sensitive data (passwords, file hashes) – Data is encrypted and transmitted via HTTPS (Port 443)
• Transmitting non-sensitive data (such as Media Library files) Files are transmitted via HTTPS (Port 443).
• Files are validated with file hashes; hashes are transmitted via HTTPS (Port 443).
• Hashes ensure files are intact and untampered. • Hashes are encrypted.
• Individual user names and passwords
• Individual roles for users to permit or limit access/activities available to users • Passwords are not shown as clear text when viewed.
• All credentials are encrypted and transmitted via HTTPS (Port 443).
• Passwords are hashed when stored.
• Zero-In does not require regular password updates; password updates are the user’s responsibility.
• Sessions timeout after a period of inactivity.
All initial connections between User’s network and Content Manager are outgoing via HTTPS (Port 443), meaning there is no need for a firewall exception for incoming traffic. Zero-In —hosted by Amazon AWS—uses server validation via HTTPS (Port 443)
• Zero-In automatically audits and logs configuration changes.
• Zero-In manages all content management servers using Windows Server 2012 64-bit. User information is never permanently stored on these servers.
Disclaimer: Zero-In is not responsible for the user’s network security. The user is responsible for evaluating and implementing their own network security. If the user uses any external dynamic data, security is the responsibility of the user and data provider; Zero-In is not responsible for the use of any external dynamic data.
Network Diagrams will vary depending on client specific setup.
Here is a generic network diagram showing data path from Content Manager to final display.