# Security

> "In the insurance industry, customer data is not just an asset; it is a trust relationship."

## Why Security Is Priority One

Ingenium systems contain data for millions of insurance customers: personal information, policy contracts, payment history. A security breach can result in:

- Regulatory fines under GDPR, local data protection laws, and insurance regulations
- Reputational damage that cannot be quantified in a spreadsheet
- Legal liability toward millions of customers

Nexus was designed from the ground up with a security-first mindset: security is not a feature bolted on after the fact; it is the foundation of the architecture.
## Credential Encryption

### AES-256-GCM: Military-Grade Standard

All credentials (DB2 passwords, SSH keys, API keys) are encrypted with AES-256-GCM before being stored anywhere.
```text
Enter passphrase
       │
       ▼
┌──────────────────────┐
│ Derive encryption    │ ← scrypt (CPU/memory-hard):
│ key from passphrase  │   computationally infeasible to brute force
└──────────┬───────────┘
           │
           ▼
┌──────────────────────┐
│ AES-256-GCM encrypt  │ ← NIST SP 800-38D;
│ random 96-bit IV     │   new IV generated per encryption operation
└──────────┬───────────┘
           │
           ▼
┌──────────────────────┐
│ Secure storage       │ ← file system (ciphertext only);
│ (ciphertext + auth   │   plaintext never written to disk
│  tag + IV)           │
└──────────────────────┘
```
### Credential Lifecycle

- Lazy decryption: only decrypted at the precise moment of use
- Zero plaintext persistence: the plaintext credential exists only in RAM, scoped to the consuming function
- Secure drop: memory is overwritten with zeros immediately after use (Rust `zeroize`)
- Never logged: the logging system actively prevents credentials from appearing in any log output
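The four lifecycle rules above can be expressed as a single type. The following is an added example and not Nexus code: it hand-rolls the zero-on-drop behaviour that the project gets from the `zeroize` crate (using only `std`, so it compiles without dependencies), exposes the plaintext only inside a scoped closure, and gives the type a fixed `Debug` representation so a stray `{:?}` in a log line cannot leak it. The credential value is constructed for the example.

```rust
// Added example (not Nexus code): a minimal secret wrapper following the
// credential lifecycle rules. Plaintext lives only in RAM, is exposed only
// inside a scoped closure, is zeroed on drop, and never reaches a log via {:?}.
// The project itself uses the `zeroize` crate; this is the same idea in std only.
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Owns sensitive bytes. The plaintext is never handed out as an owned value.
pub struct Secret {
    bytes: Vec<u8>,
}

impl Secret {
    pub fn new(bytes: Vec<u8>) -> Self {
        Secret { bytes }
    }

    /// Scoped use: the caller gets a borrow for the duration of the closure only,
    /// mirroring "decrypted at the precise moment of use".
    pub fn expose<R>(&self, f: impl FnOnce(&[u8]) -> R) -> R {
        f(&self.bytes)
    }

    pub fn len(&self) -> usize {
        self.bytes.len()
    }
}

/// Never logged: Debug output is fixed text, so formatting the value for a log
/// line prints a marker instead of the credential.
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([REDACTED])")
    }
}

/// Secure drop: overwrite the buffer with zeros before the allocator reclaims it.
/// write_volatile plus a compiler fence keeps the optimizer from eliding the writes.
impl Drop for Secret {
    fn drop(&mut self) {
        for b in self.bytes.iter_mut() {
            // SAFETY: `b` is a valid, aligned, exclusively borrowed u8.
            unsafe { ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

/// What a log line would show if someone formatted the secret with {:?}.
pub fn redacted_debug_output() -> String {
    let s = Secret::new(b"db2-password".to_vec()); // constructed sample value
    format!("{:?}", s)
}

/// Example consumer: derives a value from the secret without ever copying the
/// plaintext out of the closure.
pub fn checksum_without_leaking(secret: &Secret) -> u32 {
    secret.expose(|plain| plain.iter().map(|&b| b as u32).sum())
}

fn main() {
    let s = Secret::new(b"db2-password".to_vec()); // constructed sample value
    println!("{:?} -> checksum {}", s, checksum_without_leaking(&s));
    // `s` is zeroed here as it goes out of scope.
}
```

The `expose` signature is the important design choice: because the closure receives `&[u8]` rather than an owned `Vec<u8>`, the borrow checker stops callers from keeping a copy of the plaintext alive beyond the call.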
## OWASP Top 10 Protections

### Injection Attack Prevention

SQL Injection: Zero Risk
```rust
// Built-in sql_escape() in the Core library
// Escapes all special characters before query construction
let safe_query = format!(
    "SELECT * FROM policies WHERE id = '{}'",
    sql_escape(&user_input)
);
```
Command Injection: Architecture-Level Prevention
- User input is never passed directly to shell commands
- All parameters go through whitelist validation before use
- Parameterized commands with full argument escaping
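The following is an added example, not the Nexus Core library, showing the three command-injection controls above together with the SQL escaping pattern from the snippet. `validate_policy_id` is a hypothetical whitelist (only `[A-Za-z0-9-]`, at most 32 characters); `sql_escape` is a hypothetical stand-in that doubles single quotes inside a string literal, since the real Core function is not shown on this page; and the external tool name `policy-export` is a placeholder. The command is built as an argv list with `std::process::Command`, so no shell ever interprets the input. Where the DB2 driver offers bind parameters, they remain the stronger choice for the query; escaping is the defence-in-depth layer behind the whitelist.

```rust
// Added example (not the Nexus Core library): whitelist validation, string-literal
// escaping as defence in depth, and argv-based command construction.
use std::process::Command;

#[derive(Debug, PartialEq)]
pub enum InputError {
    Empty,
    TooLong(usize),
    BadChar(char),
}

/// Whitelist validation (hypothetical rule): a policy id may contain only
/// [A-Za-z0-9-] and must be 1..=32 characters. Anything else is rejected before
/// it gets anywhere near a query or a command.
pub fn validate_policy_id(s: &str) -> Result<&str, InputError> {
    if s.is_empty() {
        return Err(InputError::Empty);
    }
    if s.len() > 32 {
        return Err(InputError::TooLong(s.len()));
    }
    match s.chars().find(|c| !(c.is_ascii_alphanumeric() || *c == '-')) {
        Some(c) => Err(InputError::BadChar(c)),
        None => Ok(s),
    }
}

/// Hypothetical escaping for a single-quoted SQL string literal: each ' becomes ''.
/// Used only behind the whitelist; bind parameters are preferable where available.
pub fn sql_escape(s: &str) -> String {
    s.replace('\'', "''")
}

/// Query construction: validation first, escaping second.
pub fn policy_query(user_input: &str) -> Result<String, InputError> {
    let id = validate_policy_id(user_input)?;
    Ok(format!("SELECT * FROM policies WHERE id = '{}'", sql_escape(id)))
}

/// Parameterized command: each argument is its own argv entry, so the input is
/// never handed to a shell. "policy-export" is a placeholder tool name.
pub fn export_command(user_input: &str) -> Result<Command, InputError> {
    let id = validate_policy_id(user_input)?;
    let mut cmd = Command::new("policy-export");
    cmd.arg("--policy").arg(id);
    Ok(cmd)
}

/// The argv that would be executed, for inspection and testing.
pub fn export_argv(user_input: &str) -> Result<Vec<String>, InputError> {
    let cmd = export_command(user_input)?;
    let mut argv = vec![cmd.get_program().to_string_lossy().into_owned()];
    argv.extend(cmd.get_args().map(|a| a.to_string_lossy().into_owned()));
    Ok(argv)
}

fn main() {
    // Constructed sample inputs: one valid id and one containing a rejected character.
    println!("{:?}", policy_query("POL-2024-0001"));
    println!("{:?}", policy_query("POL;ls"));
    println!("{:?}", export_argv("POL-7"));
}
```

Note that the argv form needs no escaping at all: the operating system receives `["policy-export", "--policy", "POL-7"]` as separate strings, which is why the whitelist is the only control that has to reason about characters.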
### Access Control
| Protection Layer | Mechanism |
|---|---|
| Authentication | Encrypted credential verification before every operation |
| Authorization | Role-based access, principle of least privilege |
| Audit trail | Immutable log of all sensitive operations |
| Rate limiting | Request throttling to prevent brute force attacks |
## Rust: Memory Safety by Language Design

Unlike traditional C/C++, Rust prevents memory vulnerabilities at compile time: no runtime checks, no overhead.
| Common Vulnerability | C/C++ | Rust |
|---|---|---|
| Buffer overflow | Undetected | Compile error |
| Use-after-free | Crash/exploit | Borrow checker prevents it |
| Null pointer dereference | Segfault | `Option<T>` forces handling |
| Race condition | Hard to detect | `Send`/`Sync` traits block compilation |
| Memory leak | Common | RAII auto-releases memory |
Practical outcome: No high-severity CVEs related to memory bugs in Nexus's history.
## Network Connection Security

### SSH Security
- Key-based authentication recommended; password authentication can be disabled
- Known hosts verification: prevents MITM attacks
- Connection pooling with periodic health checks
### HTTP API Security (isman)
- All requests go through authentication middleware
- Input validation on every endpoint
- Error responses do not leak system internals
## Monitoring and Anomaly Detection
| Event | Action |
|---|---|
| Repeated login failures | Increasing delay, alert, lockout after N attempts |
| Abnormal DB2 query volume (above threshold) | Warning log, operator notification |
| Ingenium server unresponsive | Immediate alert, failover if configured |
| Credential decryption failure | Security alert; specific reason not disclosed in response |
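The first row of the table ("increasing delay, alert, lockout after N attempts") is the one with enough mechanism to be worth showing in code. The following is an added example and not Nexus code: an in-memory throttle in which each consecutive failure doubles the required wait before the next attempt (1 s, 2 s, 4 s, ...), and the account is locked once `MAX_FAILURES` is reached. The thresholds, the `u32` doubling cap, and the use of a `bool` return to signal "raise a lockout alert" are assumptions made for the example; a production deployment would persist this state and emit the alert through its monitoring pipeline.

```rust
// Added example (not Nexus code): per-account login-failure throttling with
// exponential delay and lockout. Thresholds are assumptions for the example.
use std::collections::HashMap;
use std::time::{Duration, Instant};

pub const MAX_FAILURES: u32 = 5; // assumed N
pub const BASE_DELAY: Duration = Duration::from_secs(1); // assumed first delay

#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    Delay(Duration), // caller must wait this long before the attempt is accepted
    Locked,
}

#[derive(Default)]
struct State {
    failures: u32,
    last_failure: Option<Instant>,
}

#[derive(Default)]
pub struct LoginThrottle {
    accounts: HashMap<String, State>,
}

impl LoginThrottle {
    pub fn new() -> Self {
        Self::default()
    }

    /// Required wait after `failures` consecutive failures: 0, 1s, 2s, 4s, ...
    /// The exponent is capped so the multiplication cannot overflow.
    pub fn delay_for(failures: u32) -> Duration {
        if failures == 0 {
            return Duration::ZERO;
        }
        BASE_DELAY * 2u32.pow((failures - 1).min(10))
    }

    /// Called before the credential check. `now` is injected so the policy is testable.
    pub fn check(&mut self, user: &str, now: Instant) -> Decision {
        let st = self.accounts.entry(user.to_string()).or_default();
        if st.failures >= MAX_FAILURES {
            return Decision::Locked;
        }
        let required = Self::delay_for(st.failures);
        match st.last_failure {
            Some(t) if now.duration_since(t) < required => {
                Decision::Delay(required - now.duration_since(t))
            }
            _ => Decision::Allow,
        }
    }

    /// Records a failed attempt. Returns true when the lockout threshold has just
    /// been reached, i.e. when the operator alert should be raised.
    pub fn record_failure(&mut self, user: &str, now: Instant) -> bool {
        let st = self.accounts.entry(user.to_string()).or_default();
        st.failures += 1;
        st.last_failure = Some(now);
        st.failures >= MAX_FAILURES
    }

    /// A successful login clears the failure history for that account.
    pub fn record_success(&mut self, user: &str) {
        self.accounts.remove(user);
    }
}

fn main() {
    let mut throttle = LoginThrottle::new();
    let t0 = Instant::now();
    // Constructed sequence: two failures, then a check one second later.
    throttle.record_failure("alice", t0);
    throttle.record_failure("alice", t0);
    println!("{:?}", throttle.check("alice", t0 + Duration::from_secs(1)));
}
```

Keeping the delay decision separate from the failure record lets the same policy serve both an interactive login path (sleep for `Delay`) and an API path (return a 429-style response without sleeping a worker thread).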
## Deployment Security Checklist
| Item | Default Status |
|---|---|
| Credentials stored as AES-256-GCM ciphertext | Mandatory |
| No plaintext in any log output | Mandatory |
| SSH using key pairs instead of passwords | Recommended |
| Restrictive file permissions on credential store | Mandatory |
| Audit log for sensitive operations | Mandatory |
| Network segmentation (isman not publicly exposed) | Recommended |
| Regular credential rotation | Recommended |
| Encrypted backup of credential store | Recommended |
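The "restrictive file permissions on credential store" item is the one a loader can verify at startup rather than trust. The following is an added example and not Nexus code: on Unix it creates the store with mode 0600 and refuses to read a store whose mode grants any group or other bits, so a misconfigured file fails closed instead of being silently used. The store path is whatever the caller passes; the non-Unix fallback that relies on operator-configured ACLs is an assumption for the example.

```rust
// Added example (not Nexus code): create the credential store with mode 0600 and
// refuse to load it if its permissions have been loosened.
use std::fs;
use std::io;
use std::path::Path;

/// Creates the store file with owner-only permissions. Fails if it already exists,
/// so an attacker-planted file is never silently reused.
#[cfg(unix)]
pub fn create_store(path: &Path, ciphertext: &[u8]) -> io::Result<()> {
    use std::io::Write;
    use std::os::unix::fs::OpenOptionsExt;
    let mut f = fs::OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(path)?;
    f.write_all(ciphertext)
}

/// Refuses a store that is readable or writable by group/other.
#[cfg(unix)]
pub fn check_store_permissions(path: &Path) -> io::Result<()> {
    use std::os::unix::fs::PermissionsExt;
    let mode = fs::metadata(path)?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!(
                "credential store {} has mode {:o}; expected 0600 or stricter",
                path.display(),
                mode
            ),
        ));
    }
    Ok(())
}

// Assumption for the example: on non-Unix platforms the operator configures ACLs,
// so the loader only writes the file and performs no mode check.
#[cfg(not(unix))]
pub fn create_store(path: &Path, ciphertext: &[u8]) -> io::Result<()> {
    fs::write(path, ciphertext)
}

#[cfg(not(unix))]
pub fn check_store_permissions(_path: &Path) -> io::Result<()> {
    Ok(())
}

/// Loads the ciphertext only after the permission check passes.
pub fn load_ciphertext(path: &Path) -> io::Result<Vec<u8>> {
    check_store_permissions(path)?;
    fs::read(path)
}

fn main() -> io::Result<()> {
    // Constructed sample: a throwaway store in the temp directory.
    let path = std::env::temp_dir().join(format!("nexus-store-demo-{}", std::process::id()));
    create_store(&path, b"ciphertext-bytes")?;
    println!("loaded {} bytes", load_ciphertext(&path)?.len());
    fs::remove_file(&path)
}
```

Checking the mode at load time (not only at creation) is what makes this a checklist control rather than a one-off: a later `chmod`, a restore from backup with default permissions, or a copy made by an operator all show up as a refused load rather than a quiet exposure.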
## Legal Notice
This document is provided for informational and advisory purposes only. All trademarks are the property of their respective owners. This project has no affiliation with DXC Technology, Sun Life, or any other third parties mentioned herein.