* Deployed as a virtual machine or hardware appliance
* Application built on top of Debian 7.5 Stable (Wheezy).
* MySQL used for data storage.
* Nervepoint Application server component is written in Java and uses industry-standard
components including Spring, Jetty and others.
* Webmin is provided for virtual machine configuration. This will be phased out in a future
* The web server provides 2 different services: a web-based UI for browsers, and a JSON-based
RPC protocol used by the Mobile Application and the Windows "Desktop"
* Nervepoint web user interface uses the Wicket 6 framework.
* On initial install, the end user is required to define a unique root password.
* Operating system can only be accessed locally
* No direct remote access for maintenance. When required, our support staff use the
customer-initiated "support callback", which is a reverse SSH tunnel.
* Customer should firewall Webmin (port 10000).
* MySQL only allows local connections (from Nervepoint).
* All user secrets (answers, PINs, passphrases) are stored by default as one-way hashes.
An optional less secure two-way mode may be enabled by the administrator where they are
* All other non-secret data is stored unencrypted in MySQL's data format.
* All communication with the server is via SSL. Customer must purchase and install a signed
certificate. This applies to web interface, mobile access and desktop access.
* Weak SSL ciphers and protocols are disabled by default.
* Connections to directories are secure. SSL must be used for Active Directory (although a
read-only mode is possible when unencrypted).
* Server may specify IP ranges and restrictions for desktop access and browser access.
* Password reset, account unlock and login attempts all limit the number of attempts that
may be made within a given time period.
* Captchas may be used for authentication to further protect against brute force attacks.
* Multi-factor authentication including SMS, OTP, Passphrase, PIN, Captcha, IP authentication
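
An administrator can check two of the points above (MySQL accepting only local connections, and Webmin on port 10000 needing a firewall) against the listening sockets on the appliance. The script below is an added example, not part of the Nervepoint product or its documentation; it assumes MySQL is on its default port 3306, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report watched ports that listen on a non-loopback address.
# Reads `ss -ltn` or `netstat -ltn` output on stdin; both put the local
# address in column 4.
# Assumption: MySQL uses its default port 3306. 10000 is the Webmin port.
WATCH_PORTS="3306 10000"

exposed_listeners() {
    awk -v ports="$WATCH_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $4 ~ /:[0-9]+$/ {                          # skips header lines
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before it
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
            if (!(port in watch)) next             # not a port we audit
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print port " " addr
        }'
}

# Constructed sample in `ss -ltn` format (not captured from a real appliance).
sample_listeners() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       50      127.0.0.1:3306      *:*
LISTEN  0       128     *:10000             *:*
LISTEN  0       50      *:443               *:*
EOF
}

# On a live host: ss -ltn | exposed_listeners
sample_listeners | exposed_listeners
```

A line for port 10000 means Webmin is bound beyond loopback and relies on the customer's firewall rule; a line for port 3306 would contradict the local-only MySQL setting.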