...
Virtual Private Cloud with firewall, for provisioning resources in a logically isolated network.
VPC peering, providing a networking connection between VPCs that enables routing of traffic using the private network.
Use of jumpboxes for SSH access and secure access through SSL VPN.
Layered IP filtering using Access Control Lists and Security Groups.
Follow PKP guidelines for secure deployment of the OJS application.
Authentication and Authorization
TDL-hosted journals use the default functionality for OJS, which authenticates users against its internal database.
Recaptcha and account validation is enabled for user registration to prevent spam user account creation.
Role-based access control is used within the application, with top-level Administrator access reserved for designated TDL staff only.
End users are not authorized to add new plugins, and developer must review any plugin requests for security vulnerabilities prior to making them available for use.
Encryption
All calls to hosted OJS journals are encrypted using Transport Layer Security protocols (HTTPS).