Security

Security Conscience Programming

The application software was written using methods that prevent common hacker attacks such as Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injections and more.


Third Party Security Audits

We periodically hire Security Specialists to test the application software, server, network, and procedures.


Robot Detection

We take steps to detect robots and screen scrape programs.

If unusual activity is detected, the user is immediately logged off and an audit is written for analysis. Suspicious activity will result in termination of Subscription and a permanent ban.


Page Data Theft

When displaying lists, we intentionally do not include the domain of email addresses, or the area code of phone numbers. This makes it more difficult and time consuming to steal data via screen-scraping or page printing.


Protection of Physical Data Center

The Data Center is designed utilizing the “N+1” design philosophy, which insures that every part of the facility is not only redundant, but has a hot spare on standby in case of an emergency.

The HVAC system ensures continuous control of all heating, ventilating and air conditioning systems within the facility.

A halon fire suppression and explosion protection system is extremely efficient in extinguishing most types of fires.

There are multiple power systems, with connections to local power grids and multiple municipal power sources.

Electrical power is supplied on separate feeds originating on different sides of the building.

The on-site Uninterruptible Power Supply (UPS) system eliminates the inconvenience of lost data due to electrical disturbances and power outages caused by wind, storms, accidents, etc.

The on-site electrical generator is powered by multiple high-quality diesel engines, ensuring capacity for continuous power.

Access to the data center is restricted by key-card access by authorized personnel only.

The center is monitored by video surveillance 24/7.

Failed login attempts

If you fail after three attempts, you must additionally enter a CAPTCHA.

Failed logins are automatically reported to Digital Office admin and your IP is flagged. Repeated failures result in a ban of your IP.


IP Login Audit Trail

Every time you login, your IP is written to an Audit Trail per User. You can periodically review the Audit Trail to make sure there has not been any unusual activity from an unknown IP.


Inactivity Timeouts


Secure Server

The server is located in a Data Center “bunker” in the Netherlands.

When critical patches are released, the Operating System (O/S) is updated immediately. Non-critical patches are updated in a timely manner.

We minimize the Services that are running on each Server. This reduces the number of vulnerabilities. For example, Email is run on a completely different server than the application.

The Network is constantly monitored for Denial of Service (DOS) attacks, performance issues, and more.


Self Destruct

You can setup your portal to automatically delete itself under certain conditions. No action is required, only lack of action. So if you are detained and unable to login to delete your account, it can be setup in advance to delete automatically.


Three-Tiered Login

We prompt for an Account, User, and Password.

One reason is so that Subscribers, if they desire to do so, can have multiple Users that share information within an Account, or Individuals can allow limited access to a “personal assistant” or other. The Account Owner can restrict what, or what not, any User can access.

Another reason is that it makes it much more difficult for unauthorized persons or “robots” from trying to guess access codes. An attacker would have to get 3 credentials correct instead of just 2. This increases the odds exponentially.