Software Security Features
Configurable User Class Privileges
MLS administrators can define any number of user classes, each with a unique set of privileges for granting and denying access to different areas of the application. Used in combination with other aspects of a user’s identity (such as board, firm, or office affiliation), user class privileges also determine a user’s ability to search, view, and modify information at both the record and individual field level.
Strong Passwords and Password Management
MLS administrators may force users to choose a password that: contains a minimum number of characters; contains a minimum number of special or numeric characters; is different from the user’s name, login ID, or previously used passwords; does not match any words on an administrator-maintained list; etc. Additionally, the system can be configured to automatically force users to change their passwords on a periodic basis.
Simultaneous Login Management
To combat unauthorized account sharing, the system can be configured to only allow a certain number of simultaneous logins for each account. If the maximum number of permitted simultaneous logins is exceeded, the program can automatically take a number of actions, including logging off some or all of the users, denying access to the application, timed suspension, indefinite suspension, etc.
Multiple Authentication Modes
In addition to its native implementation of secure password transfer, the platform's security model supports additional authentication modes, including pass-through methods (Single Sign-On) using SAML tokens and digital signatures, and integration with third-party strong authentication services such as RSA’s SecurID and Secure Computing’s PremierAccess Authentication (through SAFEMLS) to provide token-based two-factor authentication.
Advanced Application Security: SecurityLinx
MarketLinx offers advanced application security that can monitor the behavior of its users and automatically alert administrators to suspicious or abusive usage patterns, such as logging in from a large number of different computers, or a large number of simultaneous logins. Administrators can quickly and easily apply a range of sanctions, including forcing a password change, requiring the user to answer their password reminder question(s), account reactivation using a special code e-mailed to the account owner, timed suspension, indefinite suspension, and more.
Photo Watermarking
As part of the image upload process, all photos can be visibly watermarked with a configurable text string. Photo watermarking can be a strong deterrent to the unauthorized use of MLS photos.
RETS Security: RETS Professional
MarketLinx's MLS platform supports a number of tools to help prevent the abuse and unauthorized use of its RETS data access service, including:
- RETS data analysis providing a searchable, user-level analysis of RETS usage, including number of listings and photos downloaded, total bandwidth used, etc.
- IP address filtering, allowing administrators to permit or deny access to the RETS server based on a specific IP address or an IP address range.
- Data and image tagging providing a deterrent to unauthorized data distribution and a mechanism for identifying the parties responsible. (Data tagging works by appending visible text to selected text fields, such as "Copyright," "Courtesy of," or the User ID of the downloading user. Image tagging automatically tags a certain percentage of downloaded photos by adding custom information to the image file headers.)
- Data quotas and data throttling, which RETS administrators can use to configure a daily, weekly or monthly quota for each application group. When a quota is exceeded, the application can automatically send e-mail alerts and suspend RETS access.
Network and Application Security
MarketLinx uses redundant Cisco PIX firewalls to secure its network from external electronic attack, and various networks within the data center are partitioned from one another to contain potential intrusions. All systems are fully protected by Symantec anti-virus software.
Facility security includes high-speed automated back-up systems, onsite fire-safe media storage, offsite back-up media storage, dry-pipe fire suppression systems, motion sensors, and electronic key pass access control.
At the application level, user sessions are uniquely encrypted and valid for a limited time. All client input is validated on the server, and confidential content such as credit card information or passwords is SSL-encrypted. The application’s Middle Tier is engineered to prevent SQL-injection attacks, replay attacks, buffer overflow vulnerabilities, and more.
