PCI and HIPAA compliant administrative logs

Syncplify.me Server! version: 4.0.0+

Another requirement found in the latest versions of both PCI-DSS and HIPAA regulations is the necessity to keep an “untamperable” log of all configuration operations performed by any administrator.

Digitally signing every single log line is not enough, as the disloyal employee could simply delete some log lines entirely. Therefore each line should have a numeric incremental ID (to make it easier to spot “holes”) and each line’s digital signature should “roll over” and be calculated including the previous line’s digital signature in the signed data. This way an administrator cannot delete one (or several) log lines without being spotted.

Furthermore, to make log analysis even easier, each log line is not actually just a “line of plain text”, rather it’s a JSON object that can be easily queried. Here below you can see a typical “log line” showing a call to a configuration REST API and the relative response and signature:

 

Syncplify.me Server! v4: manageable via JSON REST web service

Syncplify.me Server! version: 4.0.0+

Getting closer and closer to the early availability of Syncplify.me Server! v4, we think it’s time to share with our customers one of the biggest new features they can expect to find in the upcoming major version: a secure (authenticated) JSON REST web service that allows granular management and configuration of the server, user database, blacklist, and every other aspect.

Continue reading

Syncplify.me Server! v4: JSON import/export

This article refers to Syncplify.me Server! v4.0, which – at the time the article is being written – is still in beta, and is not yet available for purchase by customers. The purpose of this article is to inform our users about some important upcoming features.

As many of you already know, Syncplify.me Server! is used by both small/medium businesses as well as large enterprises. The latter often require a very high degree of automation and integration in their existing systems and procedures. For such reason, the CLI (Command-Line Interface) if very frequently used to modify the server’s configuration and create/edit user profiles.

But writing an extensive command-line may not always be as easy as System Administrators wish. Opening a CMD or a PowerShell and typing a very long multi-line command with tens of switches may be, at times, a challenging task.

Therefore, as of version 4, Syncplify.me Server! features import/export of configuration and user profiles from/to standard JSON-formatted files. Continue reading