Regarding scientific developments and the deep integration of various technologies in societies and people’s life, security has become an important factor in these innovations. One of the most novel of these technologies are cryptocurrencies which their rapid growth and expansion comes from a high level of global demand for them. However, this level of adoption has opened new doors to fraudsters to deploy new scam plots.

In fact, crypto users can protect themselves to an extent; Hence, OMPFinex team with regard to this issue has decided to provide a secure platform to its users, in which the security-management cycle runs by the security team so that users can engage trading with a peace of mind.

Security in OMFinex Vital Infrastructures

The infrastructure security framework which the company has decided to implement entails five major stages including collection of information, protection, identification, response and recovery through which the system is protected in the most standard condition.

The process explores and evaluates various sectors and the most important parts are:

  • Security Analysis

    The system can gather a complete list of threats through this and identify malfunctions by analyzing them.

  • Breach Detection

    The system begins to transfer data from sub-systems to the server for investigation, so the malwares and suspicious activities are detected.

  • Log Data Analysis

    The system periodically submits all the log data to evaluate them if needed.

  • File Integrity Monitoring

    This system inspects changes on the operating system. In case of a change, addition or removal of a file, it must be reported to the server to get checked by the security director.

  • Vulnerability Detection

    The system is designed to check and detect different vulnerabilities monitored by MITRE ATT&CK project.

  • Configuration Assessment

    According to security standards, the system periodically checks for insecure OS configurations.

  • Acute Response(Incident Response)

    This section consists of several scripts gathered by the security team to provide the correct response for the event that any bad behavior comes up.

  • Regulatory Compliance

    This system checks the compliance of some required security controls with international standards and regulations.

  • Cloud Security

    The system tries to identify possible vulnerabilities through collecting various modules’ security data from cloud services like Google, Microsoft and Amazon.

  • Containers Security

    The system provides the ability to identify threats, vulnerabilities and malfunctions based on Docker.

Security on the Infrastructure of Cryptocurrency Platform

Cryptocurrency Security Standard (CCSS) defines a set of requirements for information systems using cryptography. It involves crypto exchanges, web applications and blockchain-based storage solutions.

This standard aims to protect cryptocurrency related data from unauthorized access, loss of sensitive data and data breaches. Currently, CCSS is a standard specified for every institution managing crypto wallets as a part of their business logic and it considers 10 aspects in security which are categorized in three levels. The company has adjusted its security measures according to this standard to overcome various fraud schemes. It is worth noting that all the users’ assets are stored on “cold storage” in an isolated system of which backups are regularly collected; These backups are stored in a different place, so in case of a total breach to the system or natural causes such as fire and etc., users’ assets will not be exposed to the risk.

ارزیابی امنیتی دوره‌ای

Security Assessment involves stages of periodic platform security tests and the sections exposed to threats. The process applies OWASP and OSSTMM standards. Also, different scenarios are taken into consideration, most of which are related to Cyber Kill Chain attacks.

Iran Based Servers

All the services on OMPFinex, including users’ data, notably finance related information and users’ digital assets confidential data are fully hosted by domestic servers. Hence, there is no risk to asset freezing or similar issues due to financial sanctions posed on the Iranian people.