MyWebWorkplace Security

by Lee Porter 22. June 2011 10:09

We understand the importance of security when using a system like MyWebWorkplace, particularly when you consider the broad nature of the information we hold on your business and its people.  This is especially important when you consider the large, and supposedly, secure companies that have had their data stolen in the past few months.  We have specialist network and web security knowledge in house.  MyWebWorkplace employs a number of security features:

  • MyWebWorkplace is not a high profile site
  • Hardware firewalls, software firewalls and IPSec rules are in place
  • The ports are locked down to specific IP addresses apart from HTTP/HTTPS (80/443)
  • Very restricted access to a small selection of ports by IP
  • Dedicated server - Not on a shared box like a lot of other systems
  • All current patching is automatically applied to OS and MS components,
  • All OS user passwords are complex,
  • The data base requires passwords (complex)
  • Webserver runs HTTPS (2048 bit)
  • Locked down OS and unused services stopped
  • Each login creates a unique one time value for an encrypted cookie and expires after 24 hours which has a corresponding value in the DB (You can't fake the cookie).
  • The logins should be secure with lockouts after 3 failures and forcing the user to use 8 character upper/lower and numeric passwords (complex)
  • Each internal screen requires the user to be authenticated or else redirects to the login page
  • Trapping for SQL injection
  • Java Scripting injection causes an error
  • Compartmentalised access - each client stored in a single, dedicated DB not a shared DB model
  • Monitored 24/7/365 for out of norm values (high CPU / response time etc)
  • In the past, similar systems created by Us have been checked and passed by a reputable security firm

We also employ other security measures to prevent or trap would be hackers that shall remain undocumented.

Powered by BlogEngine.NET
Theme by Mads Kristensen