Mago.io
  • Welcome to Mago Knowledge Base!
  • Prerequisites setup
    • Hardware, OS and Software Requirements
      • Multiple Display supported Scenarios
      • How to enable Bluetooth BLE (proximity) for BYOD Features
    • Network Requirements
    • Wireless Display
      • I am unable to see Miracast (AirServer) as a destination to mirror to
      • Fixing Miracast Issue with some Wifi Chipsets
    • MS Teams best practices
      • (optional) Disabling Chat in Teams accounts
    • Zoom best practices
    • System Hardening Best Practices
    • How to Create a Room Resource for Calendar Events
      • Google Workspace
      • Microsoft 365
        • Setup a room resource
        • Configure a Room resource
    • OS Updates, Drivers & firmware
      • OS Windows update policy
      • Update policy for Drivers and Firmware (Intune)
      • Mago Room Update
  • Installing Mago Room
    • Installation steps overview
      • ✍️Pre-requisites checklist
      • 1️⃣Install and configure Windows 10/11 OS
      • 2️⃣Install and configure Mago Room
        • Getting Mago Room
        • Installing Mago Room
          • Deploy Mago Room with Software Distribution (Silent Install)
        • First Configuration (Wizard)
        • Advanced Settings
      • 3️⃣Post-installation checklist
  • Cloud Management & Analytics Console
    • How to Create an IT Admin User Account and Manage Mago Room and Licenses
    • Adding a Room in the Valarea Management Console
    • Using the Mago Room ADMIN Console
      • Rooms List
      • How to Create Groups and Tags
      • How to create Policies
      • How to Assign Policies
      • Create and Schedule a Task
    • Analytics Console
  • FAQ
    • Frequently Asked Question
      • Mago OAuth scopes and permissions explained
        • Mago Room OAuth scopes
        • Mago Workspace App OAuth scopes
      • Important Configuration Files
      • Antivirus & Firewall exceptions
      • Installing Mago Room on existing Room systems (MTR or Zoom room hardware)
  • Videos for training
    • Videos for training
  • Mago Essential
    • Setup Guide
      • Requirements
      • Hardware installation
      • First configuration
  • TECH DOCS
    • 🛡️Security White Paper
      • Introduction
      • Reliability
      • Application Security
      • Mago Room Security
      • On-Cloud / On-Premise Deployment Security
      • Encryption
      • Vulnerability Management
      • Mago Information Security
      • Physical Security
      • Conclusion
    • ℹ️Dec 14, 2021 | Vulnerability Statement | Log4j
    • 📄Privacy Policy
    • 📱Mago Workspace for Android - Data safety
  • Support
    • Mago Helpdesk and Support
Powered by GitBook
On this page
  • Mago on Cloud Security
  • Mago on premises security
  • Mago infrastructure scheme
  1. TECH DOCS
  2. Security White Paper

On-Cloud / On-Premise Deployment Security

Mago on Cloud Security

Re Mago Meeting Server Separation of Duties and Least Privilege Security Principles

The principle of “Least Privilege” essentially means that users should not have more privileges than needed to complete their daily task. To secure data and the system in general from potential damage, it is essential to identify a comprehensive hierarchy of users and separate duties and to provide each individual with his or her own user ID and with permissions as minimal as possible to complete tasks.

RBAC Support and SoD

Re Mago Meeting Server support Role Based Access Control. Every meeting / workspace can be managed by a meeting owner who can control user permissions.

Microsoft Azure

Azure’s Data centres are geographically dispersed and comply to ISO/IEC 27001:2005, SOC 1 and SOC 2 and has CSA STAR certification. These Data centres are managed and operated by Microsoft who have decades-long experience building enterprise software and running some of the largest online services in the world. See the Reliability > Compliance section for more information.

SSL Rating

Mago Cloud has an A rating from Qualys SSL Labs, the highest ranking possible, which means it is protected from all known attacks and follows all best practices.

Mago on premises security

Microsoft IIS, Microsoft SQL and NTFS file system are legacy components needed for to deploy internal on-prem RMS architecture. Layer 7 firewall are strongly suggested in order to provide high level of security and 0-Day exploit explosion.

Purging policy for end-users data (State-less configuration for the RMS)

Re Mago Meeting Server can be configured to schedule a daily data wipe stored into the RMS secured storage partition. End-users data include all user activities media content, whiteboard content, workspace ID, workspace PIN and recap files.

Notes:

  • RMS supports HTTP connections (LAN only), but we strongly recommend encrypted HTTPS over TLS 1.2.

  • We do not directly tunnels any service. You can access resources only passing through our dedicated API interface and after passing a double level of authentication.

  • We validate client inputs, verifying the presence of security tokens inside the HTTP headers and checking the content of the client calls.

  • We implemented a strong custom authentication based on a double security token. The first token is released at the first call and is mandatory to retrieve the second token. The latest is verified at the beginning of each client call.

  • We added rate limits to the authentication attempts that a client can do in a time unit. After this number/time limit, the attacker client is blocked.

Mago infrastructure scheme

PreviousMago Room SecurityNextEncryption

Last updated 1 year ago

🛡️