System Security

Modified on: 2015-07-14 11:56:19 -0500

NIST/FISMA Security Standards Compliant

  • Best practice for data security
  • Quarterly scan of network systems to ensure ongoing compliance by Tenable Security
  • Daily scan of web systems to ensure ongoing compliance by Network Solutions
  • Quarterly scans and penetration testing of all our systems to ensure ongoing compliance by VeraCode

Physical Security
  • Intel Xeon Server Grade hardware in SAS-70 Type II certified Datacenter
  • Secured site perimeters, Proximity Badge Access, Digital Video Surveillance
  • Hardware RAID controllers on all servers
  • 100% Redundant Cisco Network, Gigabit Backbone, Multi Feed Net Providers
  • Cisco Guard Denial of Service (DoS) Protection
  • Network Intrusion Detection System
  • Enterprise Breach Traffic Analysis and Response

Network Security
  • Encrypted data transfer via HTTPS (128-bit SSL Network Solutions certificate)
  • All sysadmin access is recorded and stored in offsite logs
  • Authentication via encrypted multi-master authentication system (LDAP)
  • IP Lockdown: limit web services to a specific range of IP addresses
  • Dedicated hardware firewalls on all publicly-facing servers
  • Inter-server communication on private subnet, not routable on the Internet
  • Best practices used in random generation of initial passwords

Data Security
  • Encrypted server access and data transmission (128-bit SSL certificate)
  • Customer data protected by Privacy Policy
  • Backups taken at 10-minute intervals at a geographically separate data center
  • 128-bit encrypted data transmission (SSL)
  • All software maintained with latest security patches
  • All network software compliance validated daily by GFI

Security Management
  • Review our Terms of Service
  • Security Policies are reviewed every six months
  • Authentication via multi-master authentication system (LDAP)
  • Only authorized, security-trained employees can access servers
  • Direct C-level executive responsibility for overall Infrastructure Security

Redundancy
  • All servers include redundant RAID storage devices
  • Node clusters are distributed across multiple data centers
  • Project data is backed up to hot (onsite) and cold (offsite) servers, with files transferred within a secure private subnet
  • Database servers are completely multi-site redundant, including our SQL and DNS systems

Security Controls
  • Disable user feature: immediately lock out at-risk employees
  • Set a maximum password age, forcing users to regularly update their passwords
  • Enforce a minimum of "strong" passwords; passwords rated "medium" or lower can be banned
  • Immediately force a global reset of all passwords in your organization. Everyone is locked out until they change their password