Security


Perimeter security via multi-tiered firewalling

Internet Design Company servers are protected with software-based firewalling which look at source and destination addresses, and ports. Security administrators handle all aspects of firewall management. Our engineers are familiar with many types of firewall applications, including CheckPoint, ipchains, ipfw, ipfwadm, etc. We are able to modify response packets with masquerade responses to the remote initiator. Our systems are secured using the latest security methods including router access list filtering on inbound carrier feeds and firewalling at the SYN level on internal devices.

Intrusion Detection

We currently use a number of intrusion detection applications such as TRIPWIRE, along with our own proprietary monitoring and logging systems. These systems notify our security response team during scans and potential DOS attacks. We react to these situations immediately, modifying ACLs as needed. In certain cases rules are implemented automatically during detection. All suspicious activity is logged hard copy directly to a printing station which is monitored closely. This ensures there is no tampering with conventional soft copy logs.

Anti Virus Measures

Our systems are protected against viruses by extensive built-in access controls. Regular users are unable to access or damage system files.

Offsite Backups

Automated offsite secure storage backups to our mirrored storage arrays in the southern US are conducted through secure encrypted tunnels using SSH with confidential data encryption prior to transit.

Disaster Recovery Procedure

Our disaster and recovery site is currently located in the South Eastern United States. This site is for the sole purpose of emergency fail over. This NOC is capable of handling all traffic in case our eastern operations is interrupted, however we have taken every precaution necessary to ensure our services will be available under all circumstances. This site is also set up in a redundant, robust, high availability clustered environment. This allows multiple equipment failures with zero degradation in service. All sites are designed and implemented as exact duplicates to ensure the operating environment remains the same. users are unable to access or damage system files.

Recording and determining access to data

Every employee with access to internal computer interfaces that includes customer data is assigned a unique username, ID number and password. Access to customer data is restricted based on the responsibilities of each employee. Each user is assigned an appropriate access level. Employees are only granted access to information that is essential for them to efficiently perform their job requirements. The actions of each individual on the computer system are recorded and logged by employee ID number.

Printed documents that include sensitive customer information are protected in locked file cabinets. An access control system that uses key fobs restricts access to server rooms and programming areas. Individuals are granted access to these areas only if it is essential for them to effectively perform their responsibilities.

Our practices regarding the protection of customer information are captured in our Privacy Policy. The Privacy Officer is responsible for ensuring the responsible management of all customer information.

Passwords

All passwords must be changed from vendor-supplied defaults upon initial use. To ensure the effectiveness of security parameters, we recommend a combination of uppercase letters, lowercase letters, numbers and symbols for each password. Employee passwords are regularly tested to ensure that they are not easily compromised.

Secure Server Details

We are using Linux-based Apache with 128 bit SSL encryption.

Offsite secure storage is performed at both of our remote NOCs. These backups are done through secure encrypted tunnels using SSH, with confidential data encrypted prior to transit.