Security and access questions
Security and access are key questions raised by our clients, who can have their
work managed via our web application. On the internet these issues have largely
been addressed since 2000 through multi-layer defence, also known as defence in
depth. The layers are explained in this document. Executive Investigations
implement all of these layers and have options to add extra defences for
particular customers should they be required.
SSL Lock down
When a user logs on to our web application, the web browser will display a small
padlock in the bottom right hand of the page. This indicates that all
transmissions of data between the web browser and our application are encrypted.
The certificate locking down the main application is 128 bit encrypted. This
sort of security is used by banks and shopping sites to protect your credit card
number from theft. For more details about this, see
http://en.wikipedia.org/wiki/Transport_Layer_Security
Nagios Monitoring
All of our sites are monitored once a minute to report systems down, potential
problems and suspicious activity. All exceptions are reported back to the
support team via email and, in particularly bad cases, via SMS for immediate
action.
Intrusion Detection System
We utilise an intrusion detection system to tell us if there is suspicious
activity and to automatically block attackers' attempts to break into the
application sites. The IDS runs continuously and monitors all network traffic
and logged-on users for suspicious activity. If an attacker breaks in, we have
software that checks the files automatically to tell us if they have been
altered by an attacker. From there we can react and move the applications to a
new, uncorrupted environment.
Virtual Environments
All of our customer instances are separated into their own virtual environments.
This isolates the data for each customer and improves isolation security.
Security Patches
Many attacks occur if the software exposed to the internet is not 'patched'
regularly for security issues. We have a procedure in place to ensure this
happens daily.
Off-site Backups
All customer data is, if requested, backed up, encrypted and sent off-site to a
server remote from the main server pool. We can restore a customer to the end of
the previous day's operations should the need arise. We regularly check the
backups for completeness as part of our support business processes.
Viruses and Spyware
We deploy all our system application servers using the Linux operating system.
There are no known viruses and spyware that affect this environment due to the
way the operating system has been architected.
Internet Connection:
Our system is hosted at Global Switch in Sydney on multiple redundant servers,
with access to four (4) separate dedicated Internet carriers, each providing
speeds of up to 100Mbps for both uploading and downloading data.
For more information on our servers' security, visit
http://www.globalswitch.com/locations/sydney.en.html and/or
http://www.globalswitch.com/infrastructure/index.en.html