Security
Security Conscience ProgrammingThe application software was written using methods that prevent common hacker attacks such as Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injections and more. Third Party Security AuditsWe periodically hire Security Specialists to test the application software, server, network, and procedures. Robot DetectionWe take steps to detect robots and screen scrape programs. If unusual activity is detected, the user is immediately logged off and an audit is written for analysis. Suspicious activity will result in termination of Subscription and a permanent ban. Page Data TheftWhen displaying lists, we intentionally do not include the domain of email addresses, or the area code of phone numbers. This makes it more difficult and time consuming to steal data via screen-scraping or page printing. Protection of Physical Data CenterThe Data Center is designed utilizing the “N+1” design philosophy, which insures that every part of the facility is not only redundant, but has a hot spare on standby in case of an emergency. The HVAC system ensures continuous control of all heating, ventilating and air conditioning systems within the facility. A halon fire suppression and explosion protection system is extremely efficient in extinguishing most types of fires. There are multiple power systems, with connections to local power grids and multiple municipal power sources. Electrical power is supplied on separate feeds originating on different sides of the building. The on-site Uninterruptible Power Supply (UPS) system eliminates the inconvenience of lost data due to electrical disturbances and power outages caused by wind, storms, accidents, etc. The on-site electrical generator is powered by multiple high-quality diesel engines, ensuring capacity for continuous power. Access to the data center is restricted by key-card access by authorized personnel only. The center is monitored by video surveillance 24/7. |  Failed login attemptsIf you fail after three attempts, you must additionally enter a CAPTCHA. Failed logins are automatically reported to Digital Office admin and your IP is flagged. Repeated failures result in a ban of your IP. IP Login Audit TrailEvery time you login, your IP is written to an Audit Trail per User. You can periodically review the Audit Trail to make sure there has not been any unusual activity from an unknown IP. Inactivity TimeoutsIf you step away from your computer for a period of time, the system will automatically log you out. This helps prevent unauthorized access to your portal. You can setup two different types of timeouts, with two different times and actions. The first timeout can be set between 15 and 60 minutes, and will require User to re-enter just their password. The second timeout can be set between 1 and 8 hours, and will require User to re-enter their Portal, User-ID, and password. Secure ServerThe server is located in a Data Center “bunker” with a reliable third party hosting provider. When critical patches are released, the Operating System (O/S) is updated immediately. Non-critical patches are updated in a timely manner. We minimize the Services that are running on each Server. This reduces the number of vulnerabilities. For example, Email is run on a completely different server than the application. The Network is constantly monitored for Denial of Service (DOS) attacks, performance issues, and more. Self DestructYou can setup your portal to automatically delete itself under certain conditions. No action is required, only lack of action. So if you are detained and unable to login to delete your account, it can be setup in advance to delete automatically. Three-Tiered LoginWe prompt for an Account, User, and Password. One reason is so that Subscribers, if they desire to do so, can have multiple Users that share information within an Account, or Individuals can allow limited access to a “personal assistant” or other. The Account Owner can restrict what, or what not, any User can access. Another reason is that it makes it much more difficult for unauthorized persons or “robots” from trying to guess access codes. An attacker would have to get 3 credentials correct instead of just 2. This increases the odds exponentially. |