Domain-name whitelisting, Firewall and facilitating Email Communication from the GAN platform


Summary

This document contains system requirements for tenants (clients) to utilize the GAN Integrated Compliance Management (GAN ICM) platform, a cloud-based Software-as-a-Service (SaaS) platform accessible through a web browser.

It describes the following:

  • HTTPS / TLS requirements

  • Domain-name whitelisting and Firewall
  • Securing Email delivery 

Recommendations

  • GAN recommends allowing users within the tenant's network to send traffic via HTTPS (port 443) to all subdomains under .gan-compliance.com.

  • To ensure uninterrupted service, we recommend whitelisting https://s3.eu-west-1.amazonaws.com.

Introduction

GAN ICM is web-based, so the solution is only accessible through a web browser with a valid internet connection. We have collated an outline of officially supported browsers that enable users to take advantage of all products and features at the expected performance. Generally, updating to the most recent browser versions is key to benefiting from optimum service while staying safe and secure.

GAN ICM only allows traffic that is encrypted (TLS via HTTPS). When a connection uses HTTPS (HTTP Secure), your web browser displays a padlock in the address bar to indicate a secure connection. The encryption protocol, TLS (Transport Layer Security), secures communication with your instance of GAN. It is enabled by default for all gan-compliance.com subdomains, which facilitates privacy and data security for the end user.

 

Domain-name whitelisting and Firewall

In order to provide the assurance that users of GAN ICM are interacting with the application in a secure environment, domain-name whitelisting is an effective method to ensure transactions that were intended by the tenant are not re-routed to a rogue website or hijacked. The tenant is defined by the subdomain (usually client name) of the instance i.e. https://<subdomain>.gan-compliance.com, whereby the subdomain enables the use of all GAN ICM services.

GAN recommends allowing users within the tenant's network to send traffic via HTTPS (port 443) to all subdomains under .gan-compliance.com.

To serve all geographies quickly and reliably, GAN delivers static content via a CDN (Content Delivery Network).

 

Optional whitelisting

GAN ICM is accessed via https://<subdomain>.gan-compliance.com, which serves the HTML, CSS and JavaScript (the front end). The front end uses data from APIs (the back end). The back end is served from subdomains under .gan-compliance.com and is also restricted to accept only HTTPS traffic.

Static content (such as custom images, policies and e-learning content) is served from GAN’s secure storage service. This is served via HTTPS on subdomains under https://s3.eu-west-1.amazonaws.com. To ensure uninterrupted service, we recommend whitelisting this domain.

Furthermore, CSS and fonts are served via HTTPS on subdomains under https://fonts.googleapis.com.

Finally, GAN uses Bugsnag for application stability monitoring (https://sessions.bugsnag.com), which can optionally be whitelisted as far as your policy allows.
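The following is an added example, not GAN's own code: an egress allow-list check built from the hostnames in this article, matching on a label boundary so that look-alike hostnames are rejected. The tier names, function names and sample URLs are constructed, and allowing the bare domain as well as its subdomains is an assumption.

```python
# Added example (not GAN's code). Hostnames are the ones named in the article;
# the tier names and function names are hypothetical.
from urllib.parse import urlsplit

RECOMMENDED = ("gan-compliance.com", "s3.eu-west-1.amazonaws.com")
OPTIONAL = ("fonts.googleapis.com", "sessions.bugsnag.com")


def under(host, base):
    """True if host is base or a subdomain of it, matched on a label boundary."""
    return host == base or host.endswith("." + base)


def classify(url):
    """Return 'recommended', 'optional' or 'deny' for an outbound URL."""
    try:
        parts = urlsplit(url)
        port = parts.port if parts.port is not None else 443
    except ValueError:          # malformed authority or port
        return "deny"
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or port != 443 or not host:
        return "deny"           # the platform only accepts HTTPS on 443
    if any(under(host, b) for b in RECOMMENDED):
        return "recommended"
    if any(under(host, b) for b in OPTIONAL):
        return "optional"
    return "deny"


SAMPLES = [  # constructed URLs
    "https://acme.gan-compliance.com/login",
    "https://bucket.s3.eu-west-1.amazonaws.com/policy.pdf",
    "https://sessions.bugsnag.com/",
    "http://acme.gan-compliance.com/login",           # plain HTTP
    "https://xgan-compliance.com/",                   # suffix without a dot
    "https://acme.gan-compliance.com.evil.example/",  # allowed name as a prefix
    "https://acme.gan-compliance.com@evil.example/",  # userinfo trick
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):12} {u}")
```

A rule written as a plain substring or suffix match on "gan-compliance.com" would let the fifth and sixth samples through, which is why the comparison includes the leading dot.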

 

E-mails 

GAN ICM sends out e-mail reminders and notifications to users. The e-mail sender address for the tenant instance can be configured by your GAN Implementation or Account Manager. In order for GAN ICM to send e-mails on behalf of the tenant, GAN recommends that DNS (Domain Name System) records are configured accordingly.

To combat e-mail spoofing and for GAN ICM to act as an authorized sender for your domain, GAN utilizes an SPF (Sender Policy Framework) policy that defines which mail servers are authorized to send on behalf of the .gan-compliance.com domain. DKIM (DomainKeys Identified Mail) keys will be generated to ensure digitally signed delivery of e-mails coming from the tenant’s GAN ICM instance.

To secure e-mail delivery, a GAN Implementation or Account Manager will authenticate your domain (through SendGrid, our e-mail service provider) and generate CNAME (Canonical Name) records unique to your instance, which will need to be verified through a handshake post-implementation.

As a secondary or additional option to ensure successful e-mail delivery, you may choose to whitelist GAN’s IP. All e-mails sent from GAN ICM will come from the IP address 167.89.87.16. GAN suggests whitelisting e-mails from this IP address to prevent them from getting caught in spam filters or otherwise failing to be delivered.

If the above instructions conflict with any of your policies, you may instead use GAN’s No Reply address, noreply@gan-compliance.com, which is not monitored and can be configured by your GAN Implementation or Account Manager.
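The following is an added example, not GAN's own code: a mail-gateway rule that exempts a message from spam filtering only when it arrives from the IP address given above and your own gateway recorded a DKIM pass for a domain matching the From address. The domain tenant.example, the gateway id mx.tenant.example, the function names and the sample messages are constructed, and the alignment check is a simplification.

```python
# Added example (not GAN's code). The sending IP is the one given in the article;
# tenant.example, mx.tenant.example and the messages are constructed.
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

GAN_SENDING_IP = ipaddress.ip_address("167.89.87.16")
AUTHSERV_ID = "mx.tenant.example"  # assumption: the id your own gateway stamps


def dkim_pass_domains(msg):
    """d= domains that passed DKIM according to headers added by our gateway."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != AUTHSERV_ID:
            continue  # a header the sender supplied proves nothing
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            found.add(m.group(1).lower())
    return found


def accept_as_gan(raw_message, client_ip):
    """Exempt a message from spam filtering only if IP and DKIM both check out."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not from_domain or ipaddress.ip_address(client_ip) != GAN_SENDING_IP:
        return False
    # Simplified alignment: From domain equals, or is a subdomain of, a passing d=.
    return any(from_domain == d or from_domain.endswith("." + d)
               for d in dkim_pass_domains(msg))


def _msg(auth_results):
    return (f"Authentication-Results: {auth_results}\n"
            "From: Compliance <compliance@tenant.example>\n"
            "Subject: Policy reminder\n\nPlease review the policy.\n")


SIGNED = _msg("mx.tenant.example; dkim=pass header.d=tenant.example header.s=s1")
UNSIGNED = _msg("mx.tenant.example; dkim=none")
FORGED = _msg("mx.unknown.example; dkim=pass header.d=tenant.example")

if __name__ == "__main__":
    print(accept_as_gan(SIGNED, "167.89.87.16"))     # IP and DKIM agree
    print(accept_as_gan(UNSIGNED, "167.89.87.16"))   # right IP, no signature
    print(accept_as_gan(FORGED, "167.89.87.16"))     # untrusted header ignored
    print(accept_as_gan(SIGNED, "203.0.113.9"))      # signature from another IP
```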

Want to know more?

Suggested next read: Supported Browsers

Questions are welcome

Contact us through your GAN Solution Delivery Manager, GAN Account Manager or GAN Support

 

© 2020 GAN INTEGRITY INC. ALL RIGHTS RESERVED | The information contained in this document is solely for the intended recipient and may not be used, published or redistributed without the prior written consent of GAN INTEGRITY INC. While every care has been taken in preparing this document, GAN INTEGRITY INC. reserves the right to revise its contents without prior notice.

 
