Security Conscious Programming
Third Party Security Audits
We periodically hire Security Specialists to test the application software, server, network, and procedures.
We take steps to detect robots and screen-scraping programs.
If unusual activity is detected, the user is immediately logged off and an audit is written for analysis. Suspicious activity will result in termination of Subscription and a permanent ban.
Page Data Theft
When displaying lists, we intentionally do not include the domain of email addresses, or the area code of phone numbers. This makes it more difficult and time-consuming to steal data via screen-scraping or page printing.
Protection of Physical Data Center
The Data Center is designed utilizing the “N+1” design philosophy, which ensures that every part of the facility is not only redundant, but has a hot spare on standby in case of an emergency.
The HVAC system ensures continuous control of all heating, ventilating and air conditioning systems within the facility.
A halon fire suppression and explosion protection system is extremely efficient in extinguishing most types of fires.
There are multiple power systems, with connections to local power grids and multiple municipal power sources.
Electrical power is supplied on separate feeds originating on different sides of the building.
The on-site Uninterruptible Power Supply (UPS) system eliminates the inconvenience of lost data due to electrical disturbances and power outages caused by wind, storms, accidents, etc.
The on-site electrical generator is powered by multiple high-quality diesel engines, ensuring capacity for continuous power.
Access to the data center is restricted by key card to authorized personnel only.
The center is monitored by video surveillance 24/7.
Failed login attempts
After three failed attempts, you must additionally enter a CAPTCHA.
Failed logins are automatically reported to Digital Office admin and your IP is flagged. Repeated failures result in a ban of your IP.
IP Login Audit Trail
Every time you log in, your IP is written to an Audit Trail per User. You can periodically review the Audit Trail to make sure there has not been any unusual activity from an unknown IP.
If you step away from your computer for a period of time, the system will automatically log you out. This helps prevent unauthorized access to your portal.
You can set up two different types of timeouts, with two different times and actions.
The first timeout can be set between 15 and 60 minutes, and requires the User to re-enter just their password.
The second timeout can be set between 1 and 8 hours, and requires the User to re-enter their Portal, User-ID, and password.
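The two-tier timeout described above, sketched as an added example (not Digital Office's own code). It assumes both timeouts are measured from the user's last activity and are evaluated on the server; the names `TimeoutPolicy`, `Action` and `required_action` are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum


class Action(Enum):
    NONE = "continue"                                      # session still active
    PASSWORD = "re-enter password"                         # first timeout reached
    FULL_LOGIN = "re-enter Portal, User-ID and password"   # second timeout reached


@dataclass(frozen=True)
class TimeoutPolicy:
    soft_minutes: int  # first timeout: 15-60 minutes, as stated on the page
    hard_hours: int    # second timeout: 1-8 hours, as stated on the page

    def __post_init__(self):
        # Reject settings outside the documented ranges instead of clamping,
        # so a misconfigured portal never silently gets a longer timeout.
        if not 15 <= self.soft_minutes <= 60:
            raise ValueError("first timeout must be 15-60 minutes")
        if not 1 <= self.hard_hours <= 8:
            raise ValueError("second timeout must be 1-8 hours")

    def required_action(self, last_activity: datetime, now: datetime) -> Action:
        """Decide what the user must re-enter before the request proceeds.

        Assumption: this runs server-side on every request, using the
        server's clock and a last-activity timestamp kept in the
        server-side session record, never a value sent by the browser.
        """
        idle = now - last_activity
        if idle < timedelta(0):
            # Timestamp in the future (clock skew or tampering): fail closed.
            return Action.FULL_LOGIN
        # Check the stricter tier first; it also wins when both tiers are
        # configured to the same duration (60 minutes and 1 hour).
        if idle >= timedelta(hours=self.hard_hours):
            return Action.FULL_LOGIN
        if idle >= timedelta(minutes=self.soft_minutes):
            return Action.PASSWORD
        return Action.NONE
```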
The server is located in a Data Center “bunker” with a reliable third party hosting provider.
We minimize the Services that are running on each Server. This reduces the number of vulnerabilities. For example, Email is run on a completely different server than the application.
The Network is constantly monitored for Denial of Service (DoS) attacks, performance issues, and more.
You can set up your portal to automatically delete itself under certain conditions. No action is required, only lack of action. So if you are detained and unable to log in to delete your account, it can be set up in advance to delete automatically.
We prompt for an Account, User, and Password.
One reason is so that Subscribers, if they desire to do so, can have multiple Users that share information within an Account, or Individuals can allow limited access to a “personal assistant” or another person. The Account Owner can restrict what any User can or cannot access.
Another reason is that it makes it much more difficult for unauthorized persons or “robots” to guess access codes. An attacker would have to get 3 credentials correct instead of just 2. This increases the odds against a successful guess exponentially.