Hosting Discussion
 

Post #1 (permalink)   11-17-2007, 04:27 PM
Artashes (HD Management Staff)
Join Date: Apr 2003
Posts: 9,792

Following a breach of security at well-established and professionally run Spry.com the other day (http://blog.spry.com/2007/11/14/security-breach/), it brings a question - how do YOU protect your client's data?

What measures do you take to make sure your office computers are protected from malware/spyware that can open doors to unauthorized visitors?
 
 
 


Post #2 (permalink)   11-17-2007, 04:41 PM
Matthew (HD Guru)
Join Date: Sep 2005
Location: England
Posts: 753

It will be interesting seeing what methods are used. Very good question, Artashes. Generally where clients' data is handled we use PGP whole disk encryption and encrypted backups. If a laptop or PC is stolen then the data is safe and we would only have to worry about forking out cash for a new PC. It would suck if a client's personal details were not encrypted and stolen... bye bye job.

On the software side we encrypt emails that contain personal/confidential information and use hardware firewalls to prevent intrusion. We also have regular scans, security audits and other procedures in place to keep the network tight.
__________________
Matthew
 
 
 


Post #3 (permalink)   11-17-2007, 05:06 PM
Artashes (HD Management Staff)
Join Date: Apr 2003
Posts: 9,792

Quote:
Originally Posted by Matthew
It will be interesting seeing what methods are used. Very good question, Artashes. Generally where clients' data is handled we use PGP whole disk encryption and encrypted backups. If a laptop or PC is stolen then the data is safe and we would only have to worry about forking out cash for a new PC. It would suck if a client's personal details were not encrypted and stolen... bye bye job.

On the software side we encrypt emails that contain personal/confidential information and use hardware firewalls to prevent intrusion. We also have regular scans, security audits and other procedures in place to keep the network tight.

My guess is that not many companies follow the standards, because very few usually presume they will ever be a victim of a security attack.
 
 
 


Post #4 (permalink)   11-17-2007, 05:11 PM
Matthew (HD Guru)
Join Date: Sep 2005
Location: England
Posts: 753

You hit the nail right on the head there. I guess too that a lot of companies seem to act after the problem rather than prevent the problem in the first place.
__________________
Matthew
 
 
 


Post #5 (permalink)   11-18-2007, 04:28 AM
Rob (HD Master)
Join Date: Aug 2007
Location: Wiltshire
Posts: 276

Interesting question Art,

With regards to site encryption, everything critical like the billing screens, control panels etc. are protected by SSL. The databases are secured making injections extremely difficult. Client passwords are encrypted and cannot be changed by anyone other than the client or an admin.

On the data security side, servers are protected 24/7 by armed guards, biometric scanners, hardware firewalls, software firewalls, redundant this, that and the other.

I know of a few companies who don't really bother about data security, sure they have SSL encryption but that's about it. Hacking technologies are changing pretty much every day. If you are not properly protected then you won't last for long.

What security measures are in place on HD?
__________________
Rob G.
Chief Operating Officer
Peartree Digital Media Solutions
 
 
 


Post #6 (permalink)   11-18-2007, 09:14 AM
Galaxy-Hosts (HD Addict)
Join Date: Mar 2006
Posts: 168

Quote:
Originally Posted by Artashes
Following a breach of security at well-established and professionally run Spry.com the other day (http://blog.spry.com/2007/11/14/security-breach/), it brings a question - how do YOU protect your client's data?

What measures do you take to make sure your office computers are protected from malware/spyware that can open doors to unauthorized visitors?

We have a rule that no sensitive client data is to be stored on an employee's workstation. All credit card info and other sensitive data is stored in our data center on a server. Employees have to log in to the client management software or collaboration software with their username and password to access this data. All workstations are scanned for viruses daily and are firewall protected.

The physical security of the server is taken care of by the data center (24/7 armed security, swipe cards and biometric protection, motion activated video surveillance, etc.). We do use SSL to encrypt data being transmitted and the server has a firewall and extensive security hardening.
__________________
http://Galaxy-Solutions.net Out of this world hosting, at down to earth prices http://Galaxy-Hosts.com
Move up to our QUALITY Servers
Patrick ~ 1-888-751-0100 ext 71 ~ 1-386-984-3717~ patrick@galaxy-hosts.com
 
 
 


Post #7 (permalink)   11-18-2007, 11:52 AM
Artashes (HD Management Staff)
Join Date: Apr 2003
Posts: 9,792

Quote:
Originally Posted by HHS-Rob
With regards to site encryption, everything critical like the billing screens, control panels etc. are protected by SSL. The databases are secured making injections extremely difficult. Client passwords are encrypted and cannot be changed by anyone other than the client or an admin.

On the data security side, servers are protected 24/7 by armed guards, biometric scanners, hardware firewalls, software firewalls, redundant this, that and the other.

I know of a few companies who don't really bother about data security, sure they have SSL encryption but that's about it. Hacking technologies are changing pretty much every day. If you are not properly protected then you won't last for long.

What security measures are in place on HD?

Rob, you mention a lot of the techniques to protect the server (and most of these things are only affordable to big companies with deep investment/funding pockets), but can they protect themselves from receiving spyware/malware that would compromise security on local office PCs?
It is my understanding that you can prevent a security breach if you "host" all of the sensitive information through a third-party application on the site, which you can protect. However, most companies wouldn't rely on just one data source to keep all that information on and would prefer a local copy as well. THAT's where it gets tricky! Even if they choose to use external hard drives to store that information, when they connect them to PCs that were invaded with security-compromising viruses/spyware, it becomes irrelevant...

HostingDiscussion.com does not have paid clients, so we do not collect sensitive information about anyone. Altogether we rely on the security of the vBulletin application and the security setup of our hosting provider to prevent loss of data.

Quote:
Originally Posted by Galaxy-Hosts
We have a rule that no sensitive client data is to be stored on an employee's workstation. All credit card info and other sensitive data is stored in our data center on a server. Employees have to log in to the client management software or collaboration software with their username and password to access this data. All workstations are scanned for viruses daily and are firewall protected.

So per my point above, are you satisfied with relying on a single point of data storage? A virus is one thing, but there are numerous spyware/malware that can track keyboard activity, and still gain access.

Of course a company can only go that far to protect itself, and I am glad you guys are trying to keep your customer information protected (both server and local PC wise), but in today's environment it seems like there is no such thing as an "ideal security".
 
 
 


Post #8 (permalink)   11-18-2007, 01:02 PM
Galaxy-Hosts (HD Addict)
Join Date: Mar 2006
Posts: 168

Quote:
Originally Posted by Artashes
So per my point above, are you satisfied with relying on a single point of data storage? A virus is one thing, but there are numerous spyware/malware that can track keyboard activity, and still gain access.

Of course a company can only go that far to protect itself, and I am glad you guys are trying to keep your customer information protected (both server and local PC wise), but in today's environment it seems like there is no such thing as an "ideal security".

The data is a single source, but it is backed up daily offsite to another data center in New York (the main dc is in Las Vegas). This way if the server fails or there is a natural disaster we can log into the backup server, get the information and get back on track.
__________________
http://Galaxy-Solutions.net Out of this world hosting, at down to earth prices http://Galaxy-Hosts.com
Move up to our QUALITY Servers
Patrick ~ 1-888-751-0100 ext 71 ~ 1-386-984-3717~ patrick@galaxy-hosts.com
 
 
 