The WAVE PTT solution encrypts all communication between the WAVE PTT user and PTT server. It ensures the privacy of all voice traffic and signaling information traveling between the PTT user and PTT server.
19.1 Transport Security
- Dispatch traffic such as PTT calls, secure messaging, history logs, location information and recording uses secure transport HTTP(S) – AES 256 encryption
- HTTP secure headers are added as part of security by server
- TLS 1.2 session between Dispatch client and server is established using certificates issued by a well-known Certificate Authorities (such as Symantec-VeriSign, Geotrust, Entrust etc.) for calls, log upload and location information
- FIPS140-2 compliant.
19.2 Network Security
- KODIAK servers are protected behind application load balancer and application firewall (F5)
- Access to server database is secured by user authentication, authorization and access control
- Communications between browser and server is http with basic authentication
- Communications between plug-in and POC server is http with digest authentication.
19.3 Storage Security
- Dispatch does not store any user data on local drive.
- All the data used by Dispatch is stored temporarily in the browser memory.
- Db files are encrypted and is in user/appdata
- Plug-in logs are encoded.
Note: Metadata/Attachment/Recording exported manually or downloaded by Dispatcher locally on computer are outside the scope of KODIAK application security.
19.4 Server-side Storage Security
Server side data stored in database is secured by user authentication, authorization and access control.
19.5 User Authentication, Cookies and other Security
- Uses OIDC standard for login.
- Extension and plug-in are domain protected
- Cookies are used for “Remember Me” and Language, no credentials related data are stored in cookie.
- Cookie set for token received by server, Dispatch deletes the cookie once it receives. Token is stored in session storage
- Following Cookie flags set
- Http Only
- Host- prefix