
Security

It's About Reputation

We recognize that we are responsible for the reputation of our customers as well as their technology. We take this responsibility very seriously. Any security breach could negatively impact both revenue and how our customers are perceived.

Physical Security

Our Arlington, Virginia data center is manned 24 hours a day and has CCTV monitoring. Access is available through key cards and is limited to essential personnel only. Visitors are limited to authorized customers and vendors and are escorted.

Data Center Infrastructure

We have multiple modes of guaranteeing continued operation of our data center:
  • We have constructed and manage our core network to be resilient to attack and able to cope with very high traffic levels. We protect against common packet spoofing attacks, source-routed packets and many other network-specific vulnerabilities.
  • All traffic is inspected using multiple Cisco Intrusion Protection Systems (IPS). The IPS actively manage traffic, blocking suspect packets in real time.
  • We monitor our network for unusually high traffic levels that might indicate a compromised web site or rogue server (for example, a spike in discarded packets or a rapid increase in outbound traffic from a server).

Customer Installations

Each customer installation is designed and implemented with their business needs in mind, but there is a set of basic security policies that we apply to all installations:
  • New customers are placed in private VLANs that segregate all traffic within the data center, ensuring no risk of interference from other customers.
  • Dedicated firewalls are preferred for all installations.
  • New servers are hardened before delivery. As part of this process we work with the customer to ensure that only critical services are running and that they are configured in the least vulnerable way.
  • We actively manage OS and application patching using tools such as WSUS and yum.
  • Remote management access is managed through firewall rules or VPNs that reduce the visible ports available to an attacker. Unsecured remote management protocols such as FTP and telnet are eschewed in favor of more secure alternatives such as SFTP and SSH.
  • We conduct daily port scans of all our managed servers. Unexpectedly open (or unavailable) ports generate an alert that is reviewed by our support team.
  • We conduct periodic, high-level reviews of customer installations that focus on architectural issues. For older installations this is an essential element of the long-term management of the system. What may have been appropriate security technology when an installation was designed may not be sufficient as technology advances.