Due to rapid scientific developments, presence of various technologies in everyday life and their fundamental effects on public, security has become a vital requirement. On of the most important and novel industries in technology space is digital assets and cryptocurrencies, to which the global need has led to its fast growth and widespread adoption.
This expansion has provided the ground for the fraudulent to once again shape new methods of frauds and scams.
It's a fact that crypto users can provide their security only to some extent; Hence regarding this issue, OMPFinex team has come up to develop a secure platform for its clients and the security-management procedures runs by OMPFinex security team so that users can trade with peace of mind.
- Security in OMPFinex’s Critical Infrastructures
The underlying security framework examined by the company entails five stages which include collecting, protecting, identifying, responding and recovery that through these, system would be protected in the most standard state. These stages evaluate and analyze various issues, most important of which are as follows:
- Security Analysis
Through this system we can analyze threats and identify bad actors to avoid misuse of any kind.
- Intrusion Detection
The system agentlessly begins to transfer the data from monitored systems to the server so that by scrutinizing them, malwares or suspicious activities are detected.
- Log Data Analysis
This system periodically sends all the operating system logs to check them if needed.
- File Integrity Monitoring
The system inspects changes to operating system files. In case of deletion, addition or any change, reports must be provided to the severs in order to be investigated by the security manager.
- Vulnerability Detection
This system is designed by the supervision of the “MITRE ATT&CK” project which scans and identifies different vulnerabilities.
- Configuration Assessment
According to security standards, the system periodically checks insecure operating system configurations.
- Incident Response
This section contains a series of scripts which are provided by the security team so that in case of any kind of abnormality, they could properly respond to the situation.
- Regulatory Compliance
This system sets the required level of compliance of security controls to the global regulations and standards.
- Cloud Security
This system identifies possible blind spots by gathering various data from multiple modules which receive security data from cloud services such as Google, Microsoft and Amazon.
- Containers Security
The system provides a Docker platform to be able to detect threats, vulnerabilities and abnormalities.
- Security Level in the infrastructure of Cryptocurrency Platform
The Cryptocurrency Security Standard (CCSS) is a series of essentials for information systems that use cryptocurrencies; Like exchanges, web applications and blockchain-based storage solutions.
This standard intends to protect cryptocurrency data from unauthorized data access, losing sensitive data and misinformation. Currently, CCSS acts as the security standard for every organization which manages crypto wallets as a part of its business policy.
These standard covers security from 10 angles that are classified in three levels. The company adjusted its platform using this security mechanism in order to stand against most of the fraud methods.
It’s worth mentioning that users’ assets are entirely secured in “cold storage” in an isolated system and are automatically backed up; Also, this backup is kept in a different location and in case of a total system breach or natural catastrophes like fire and... the assets will not be destroyed.
- Periodic Security Evaluation
Security evaluation entails multiple stages in which security examination of the platform and other sections exposing to threats are periodically performed. In this evaluation OWASP and OSSTMM standards are applied. Furthermore, various scenarios are investigated, most part of which involve “Cyber Kill Chain” framework.
- Servers Located in Iran
All OMPFinex services which contain users’ data, specifically financial information and confidential details of users’ digital assets, are hosted by domestic servers. Therefore, the risk of account freezing and similar issues due to sanctions for Iranian citizens are completely removed.