Axentra takes security seriously, and we’ve designed our HipServ™ product to ensure that our customers’ personal data is not compromised. Through our adherence to encryption and authentication standards, your information is safe and secure. Read below for some questions and answers about HipServ’s security:
Who can access my files?
- Files and folders stored on your HipServ are private by default, but sharing is easy. First, you can choose to share a folder with individuals by entering their email addresses. HipServ provides a unique link to the folder within the email. You can also make a folder globally accessible and simply provide a public link to it. It’s your choice. You can also stop sharing a folder at any time; any further attempts to access the folder through links you have provided will be denied.
Are you using SSL (https)?
- If port 80 is blocked, the HipServ platform will automatically use SSL for data transfer.
Can I encrypt my data?
- The data on the HipServ cannot be encrypted by the HipServ platform. The audiovisual content must be available in standard format for playback by connected DLNA® or UPnP™ compliant devices. Personal files can be encrypted prior to being uploaded to the HipServ unit, but the file cannot be decrypted and consumed automatically.
Is HipServ secure against hacking?
- The HipServ platform is based on version 4 of the enterprise Linux® product† developed by Red Hat, Inc‡. The Linux OS and the HipServ platform prevent execution of macros or code from arbitrary third parties. Put simply, the only applications that run on the HipServ platform are those installed by Axentra. Since there is no mechanism to run un-trusted applications on the system, the HipServ software is secure from Trojan Horse attacks and hackers who typically gain access to computers by running scripts or malicious applications.
- Restricted user access to the HipServ platform prevents malicious code from executing either on the root or elsewhere in the platform. You can only access the device and view content after authenticating over secure and encrypted connections to Axentra’s central server. You cannot run applications on the HipServ platform.
- Furthermore, most routers on the market that may be connected to the HipServ device have built-in firewalls that prevent users from accessing networked computers and devices. If standard wireless security protocols such as WEP/WPA protection are used, you can further protect your HipServ device from the remote chance of it being compromised.
How can I get secure access to my device?
- The HipServ platform simplifies the connection to the internet by automatically configuring the access mode based on standard ports. If port 80 is not available due to ISP or firewall restrictions, the HipServ system will automatically use SSL to connect the remote user via secure communications to the HipServ device. If this also is not available, the HipServ system will employ the NAT traversal algorithm to connect the remote user to the HipServ device.
What about viruses and spyware?
- The Linux architecture and the HipServ platform prevent active application execution by the user. Furthermore, restricted access to the HipServ platform prevents malicious code from executing either on the root or elsewhere in the platform. Since it is very difficult to run un-trusted applications on the system, the HipServ application is highly secure.
Do I need to be concerned about security patches?
- Since the HipServ platform is based on version 4 of the enterprise Linux product developed by Red Hat, Inc. ‡, security vulnerabilities are patched very quickly and are available through direct updates to the device. In this rare situation, Axentra will notify you of the availability of a security patch that can be automatically downloaded and installed.
How secure is your central server?
- The central server is highly secure, redundant and available, and hosted at a world-class SAS 70 facility.
Do you store my personal data on your central servers?
- Axentra stores data used to authenticate users accessing HipServ devices. The encrypted password entries are stored in a database on both the HipServ central server and your HipServ unit. The design of Linux password entries ensures passwords cannot be viewed by anyone on your network, or anyone from Axentra or its affiliates. The data is not used for any other purposes and is not shared with third parties.
What is your privacy policy?
- Please refer to the privacy policy on the [OEM name]/Axentra website.
How can I revoke access privileges from a user?
- To easily remove all guest user access to a folder, turn off sharing for that folder. To revoke a specific user’s access to a folder, remove that user from the list of guest users who have access to the folder. To remove a specific user’s access to all folders, the user must be removed from the list of guest users for all folders they had access to.
Can I back-up my data?
- Data can be backed up onto a USB hard drive or other storage media by using the MySafe feature.
Can I back-up my data offsite?
- Data backed up onto an external USB hard drive or storage media can be moved offsite after a back-up. However, a HipServ online back-up service is coming soon!
Do you support redundancy?
- The HipServ platform supports multiple RAID configurations. Different OEM manufacturers are developing HipServ-based products to leverage the RAID compatibilities offered by HipServ.
What is RAID?
- RAID is an acronym for “Redundant Array of Independent Drives” which means simply that your data is divided and replicated among multiple hard disk drives.
For a more technical understanding of HipServ’s security, please see our Security Briefing Document.
General Usage
How do I manage my content?
- Once you’ve imported your data into your HipServ environment you can manage the content by organizing it into folders under the FamilyLibrary or MyLibrary tabs: FamilyLibrary is accessible to anyone with a user account on the HipServ device, MyLibrary is accessible only to a specific user account. You can also share this content with users by clicking on the sharing icon next to each folder to invite them via email to view content.
How do I control external access to my content?
- Files and folders stored on your HipServ are private by default, but sharing is easy. First, you can choose to share a folder with individuals by clicking on the sharing icon and entering their email addresses. HipServ provides a unique link to the folder within the email. You can make a folder globally accessible and provide a public hyperlink to it. You can also stop sharing a folder at any time; any further attempts to access the folder through links you have provided will be denied.
Can I prevent my kids from seeing my personal files?
- The MyLibrary section can be used to store all of your personal files. Files in the MyFamily folder are visible to other account holders, and shared by default with DMA devices connected to the home network. Users on the network with access can use Windows Explorer or a similar application to navigate through the folders on the HipServ.
Can I prevent my contacts from viewing some of my content?
- You can stop sharing a folder with a contact at any time; any further attempts to access the folder through links you have provided will be denied. If you want only to provide access to files in a subfolder, you can revoke access to files in the top level folder.
Can I prevent my users from uploading content to my LaCie ED?
- When you share folders, you can optionally allow the guests to upload pictures to those folders. You can revoke this uploading permission at any time by clicking on the sharing icon for the folder in question, unchecking the “allow users to upload files” checkbox, and clicking “save”.
What do I need to do to maintain my LaCie ED?
- The HipServ software is a highly stable platform based on version 4 of the enterprise Linux product developed by Red Hat, Inc. ‡ There is no need to actively maintain the software on the LaCie ED.
Can I back-up my important files offsite?
- You can back-up your data from your HipServ device using the MySafe feature. This allows you to back-up your important files to a USB storage device (hard drive, USB key or similar) and store it offsite. In the near future, HipServ will also provide you with functionality to back-up your important files online.
How can I set up my device to work with non-UPnP routers?
- The HipServ software automatically sets up the device to access the central server for authentication and to provide external access to users. In cases where the home router does not support UPnP configuration, HipServ uses a secure approach to connect the device to Axentra’s central server using a virtual private network (VPN) connection. This allows the device to work with most legacy routers that do not support UPnP standards.
How does HipServ solve the NAT-Traversal problem?
- HipServ uses a VPN based solution to build a tunnel between a HipServ device and Axentra’s central server. This provides internet access in a highly secure environment for authentication with the central server.
What the heck is NAT-Traversal?
- If you’re REALLY bored and want to learn about Network Address Translation-Traversal, may we suggest some fireside reading of this Wikipedia description.
How do I restore my data?
- Data that has been backed up to the HipServ device using the Desktop mirror can be quickly restored by simply clicking on the “Restore” button.
What’s in Store for HipServ?
What features can we expect to see in the future?
- Axentra is enhancing the HipServ feature set in a number of ways. In the near future the HipServ platform will support the delivery of online services such as online back-up, online printing and other 3rd party services. Axentra is also working to enhance the content management feature of the platform to allow users to create albums and playlists that can be viewed through the web and shared with other users.
What standards will you support?
- HipServ supports numerous standards and protocols including UPnP, WMC, Bonjour, and many media file formats (JPEG, MPEG, MP3, AAC). Axentra keeps a list of compatible devices to ensure that users will be able to access and enjoy all of their content.
- Axentra is a member of the Digital Living Networking Alliance (DLNA – www.dlna.org), an organization that is leading the standards for device interoperation. DLNA certification is device specific; in Axentra’s case, the hardware manufacturer would be the party to certify the specific device for DLNA compliance.
Can I request feature enhancements?
- Axentra relies on customer feedback to drive our feature enhancements. Please contact support@axentra.com, or visit our forum at hipservforums.axentra.com to give us your feedback!
Where can I get more information?
- Please contact info@axentra.com to request additional information.
Security Briefing Document
This paper provides background information on HipServ’s security features. It is meant to provide a more detailed technical description of those security features and the steps Axentra has taken to protect our customers’ data.
Central Portal Service
Axentra’s HipServ Central Portal Service (CPS) acts as an authentication server, with all username and password transmissions forced through the secure HTTPS protocol. Regular HTTP access to the HipServ device is authenticated over HTTPS, and then the data transmission takes place peer-to-peer with the HipServ device over HTTP. All CPS logins are done over HTTPS; once the user signs in, the browser uses HTTP for data transfer to and from the HipServ device unless port 80 is blocked.
Notable for OEMs
For data transmission, Axentra can configure the remote access service to default to either HTTP or HTTPS. When an OEM is deciding whether the default should be HTTP or HTTPS, a major consideration is the type of SSL certificate on the CPE device: whether a) self-signed or b) signed by a recognized Certificate Authority (CA). If the SSL certificate on the CPE device is self-signed, the recommended default protocol is HTTP, in order to avoid SSL security popup warnings, especially in IE7, due to the self-signed certificate. If the SSL certificate on each CPE device is signed by a recognized CA, then Axentra recommends making HTTPS the default protocol for data transmission (by redirecting HTTP URLs to the equivalent HTTPS URL).
Remote Access
Remote access services in HipServ comprise three categories:
1. WebUI for file manager and other general GUI access and management
2. WebDAV for exploring folders similar to the Windows Explorer interface
3. Remote back-up/restore and synchronization
The web-based services (1 and 2) are implemented using the Apache web server for the HTTP/HTTPS and WebDAV protocols. Apache is an enterprise-class web server and widely respected in the industry for being suitable to deploy on the Internet.
Version 4 of the enterprise Linux product developed by Red Hat, Inc. ‡ is a major secure distribution. Whenever Red Hat, Inc. ‡ makes available an updated package in version 4 of its enterprise Linux product, Axentra, without any endorsement by, or affiliation to, Red Hat, Inc., may then obtain the updated package and incorporate it into HipServ.
The back-up/restore and sync services are implemented using the OpenSSH implementation of the SSH protocol, over which the remote syncing technology of Rsync is employed. Axentra’s HipServ system explicitly disallows logins over SSH to increase security and address the risk of SSH dictionary attacks, which are frequent on the Internet today.
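The following is an added example, not Axentra's code and not HipServ's actual configuration: a Python audit that checks whether an `sshd_config` matches the posture described above (file sync over SSH, no interactive or password logins). The list of expected settings, the use of current OpenSSH keyword names, the `rrsync /srv/backup` forced command and both sample configurations are assumptions constructed for illustration.

```python
import re
# keyword -> (expected for a sync-only service [assumption], OpenSSH default when unset)
EXPECTED = {
    "passwordauthentication": ("no", "yes"),        # nothing for a dictionary attack to guess
    "kbdinteractiveauthentication": ("no", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
    "permittty": ("no", "yes"),                      # no interactive terminal
    "allowtcpforwarding": ("no", "yes"),
    "x11forwarding": ("no", "no"),
}

def parse_global_settings(text):
    """Return global sshd_config keywords; the first occurrence wins, as in sshd."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":          # conditional blocks are out of scope here
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """List every effective setting that differs from the sync-only posture."""
    settings = parse_global_settings(text)
    findings = []
    for key, (want, default) in EXPECTED.items():
        got = settings.get(key, default).lower()
        if got != want:
            findings.append(f"{key}: effective '{got}', expected '{want}'")
    if not settings.get("forcecommand"):
        findings.append("forcecommand: unset, so a client may request any command")
    return findings

# Constructed sample inputs (not taken from any real device).
WEAK = "# constructed\nPasswordAuthentication yes\nPermitRootLogin yes\nPasswordAuthentication no\n"
HARDENED = """PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PermitTTY = no
AllowTcpForwarding no
X11Forwarding no
ForceCommand rrsync /srv/backup
"""
if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

In the `WEAK` sample the later `PasswordAuthentication no` has no effect because sshd keeps the first value it reads, which is why the audit still reports password logins as enabled.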
†Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. All other trademarks mentioned in this document or web site are the property of their respective owners.
‡In no event should any reference to Red Hat, Inc. or to any of its products be construed as an approval or endorsement by Red Hat, Inc. of any product or service provided by Axentra.