DDNS Security Statement
This statement addresses the security measures and protocols used by our web products and describes the measures we have taken to ensure these products are safe to use.
As we pave the way for our software to be more dynamically accessible, some MacPractice products and integrations make use of a “fully qualified domain name” (FQDN) to allow both MacPractice users and patients to work more easily with MacPractice.
MacPractice employs a dynamic DNS system, which allows your MacPractice server to update the DNS record for your FQDN should your public-facing IP change due to outages, changes in ISP, or as part of normal network operations within your ISP. We implemented this solution to combat the lack of availability of static IP addresses in many locations.
MacPractice secures communication with your FQDN by maintaining an SSL certificate tied to that domain. In order to issue an SSL certificate with a valid and recognized chain of authority, MacPractice makes use of HTTP requests on port 80 to verify that the requesting server (your MacPractice Server) can respond when queried by the FQDN supplied in the request. Once the certificate is obtained, SSL-secured requests are accepted on port 443. These certificates must be renewed every 90 days. Further, providers of this service do not maintain any sort of whitelist.
For simplicity, we communicate the combined set of FQDN, dynamic updating of IP and DNS, and SSL certificate under the umbrella term of MacPractice Dynamic DNS.
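As an added example (not MacPractice code), here is an administrator-side health check for the pieces described above: it confirms that the FQDN's DNS record points at the server's current public IP and that the certificate served on port 443 is neither expired nor close to the end of its 90-day life. The 30-day alert threshold, the function names and the command-line arguments are assumptions made for illustration.

```python
import socket
import ssl
import sys
import time

RENEW_BEFORE_DAYS = 30  # assumed alert threshold, not a MacPractice setting


def fetch_cert(fqdn, port=443, timeout=5):
    """Handshake on 443 with chain and hostname verification; return the cert dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()


def resolve(fqdn):
    """IPv4 addresses the FQDN currently resolves to."""
    infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def assess(cert, resolved_ips, expected_ip, now=None):
    """Return a list of findings; an empty list means DNS and certificate are healthy."""
    now = time.time() if now is None else now
    findings = []
    if expected_ip not in resolved_ips:
        findings.append("dns-stale")  # record was not updated after an IP change
    remaining = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if remaining < 0:
        findings.append("cert-expired")
    elif remaining < RENEW_BEFORE_DAYS:
        findings.append("cert-renewal-due")  # renewal has not happened yet
    return findings


if __name__ == "__main__":
    # Usage: python check_ddns.py <fqdn> <expected-public-ip>
    fqdn, expected_ip = sys.argv[1], sys.argv[2]
    try:
        cert = fetch_cert(fqdn)
    except (ssl.SSLError, OSError) as exc:
        sys.exit(f"TLS check failed for {fqdn}: {exc}")
    problems = assess(cert, resolve(fqdn), expected_ip)
    print("OK" if not problems else "FINDINGS: " + ", ".join(problems))
    sys.exit(1 if problems else 0)
```

Because `fetch_cert` uses the default verification context, an untrusted chain or a certificate issued for a different name fails at the handshake, before `assess` is reached.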
The following products currently rely on our Dynamic DNS implementation:
MP.Go
MP.Go is the first released product to make full use of the Dynamic DNS system and has always been designed to be reachable from the public internet. As MP.Go was our first product using this system, we hired an independent third-party security firm to perform a full security scan of our product and implementation. They deemed this product secure with the setup we have on the ports discussed above.
Global Payments
Our integration with Global Payments (formerly known as TSYS) requires that each software endpoint configured to process credit card transactions have an FQDN that can be used to validate the source of this type of network traffic. In line with MacPractice's long-term strategy, Global Payments was integrated into the Dynamic DNS system for the added security benefits. Before releasing this integration, we were required to submit our approach for approval by Global Payments.
MP Engage
MP Engage makes use of Dynamic DNS to validate and secure communications with our API gateway. This gateway communicates with your MacPractice server to securely provide information required for the delivery and management of two-way appointment reminders and individual patient contact preferences.
Future Products
As we move forward, other MacPractice products may make use of the Dynamic DNS system. In each case, MacPractice will test these endpoints prior to release to ensure the maximum possible security without compromising functionality. Testing will be completed by a third-party vendor with experience in validating the security of web products. MacPractice will continue to make security a top priority and mitigate any concerns or vulnerabilities through independent security audits.