
Encryption

Data Encryption at-rest and In-Transit

Mago adheres to NIST standards for encryption, utilising both at-rest and in-transit protection. With AES 256 encryption for data at rest and TLS 1.2 or higher for transmission, you can be assured that your data is secured by industry standards, globally.

Key Management

The Mago key management infrastructure is designed with operational, technical, and procedural security controls with very limited direct access to keys. Encryption key generation, exchange, and storage are distributed for decentralised processing.

File Encryption Keys

File encryption keys are created, stored, and protected by production system infrastructure security controls and security policies.

Internal SSH keys

Access to production systems is restricted with unique SSH key pairs. Security policies and procedures require protection of SSH keys. An internal system manages the secure public key exchange process, and private keys are stored securely.

Key Distribution

Mago automates the management and distribution of sensitive keys to only the systems that are required for operations. The key distribution system is based on Microsoft Azure Key Vault.

Managing Secrets

All secrets, such as API keys, passwords, database credentials, or certificates, are stored in a centralised system for securely accessing secrets. We never store secrets on local servers or code repositories. Access to the secrets management system is authorised only for a small number of IT Operations engineers.

Network Security

Mago diligently maintains the security of our backend network. Our network security and monitoring techniques are designed to provide multiple layers of protection and defence. We employ industry-standard protection techniques, including firewalls, network vulnerability scanning, network security monitoring, and intrusion detection systems to ensure only eligible and non-malicious traffic is able to reach our infrastructure.

Our internal private network is segmented according to use and risk level. The primary networks are:

  • Internet-facing DMZ

  • VPN front-end DMZ

  • Production network

  • Corporate network

Access to the production environment is restricted to only authorised IP addresses and requires key authentication on all endpoints. IP addresses with access are associated with the corporate network or approved Re Mago personnel. Authorised IP addresses are reviewed on a quarterly basis to ensure a secure production environment. Access to modify the IP address list is restricted to authorised individuals.

Traffic from the internet destined for our production network is protected using multiple layers of firewalls and proxies. Mago identifies and mitigates risks via regular network security testing and auditing by both dedicated internal security teams and third-party security specialists.


Last updated 1 year ago
