|
RedShift
Server Security System |
| |
|
|
| |
Security measures are implemented
proactively at RedShift, unlike other Web Hosting
companies where these measures are reactive. We have
implemented in-house measures that ensure security of all
our servers.
|
|
| |
|
|
| |
The
Security Measures are undertaken at two different levels |
|
| |
|
|
| |
Data
Center Level |
|
| |
|
|
| |
The data center is physically isolated
from everyone but level three technicians. Public access is
strictly forbidden. Access to the data center floors is
restricted to those holding military-grade pass cards. To
guard against line failure or intrusion, the data center is
staffed 24 hours a day and monitored by a comprehensive
security system incorporating biometric hand-scanning for
strict access control. There is 24 hour video surveillance
with as many as 8-10 cameras in a single room to monitor
every activity.
|
|
| |
|
|
| |
Server
Level |
|
| |
|
|
| |
RedShift runs periodic security
checks on the servers and generates reports with the
following details using third party tools.
|
|
 |
| |
|
Services
running on the server and versions of software used. |
|
| |
|
Up-to-date security vulnerability database. Over 1000
security checks are performed.
|
|
| |
|
Reports which service is vulnerable and what action has to
be taken with all the references to advisories from CVE,
Bugtraq, CERT and other independent companies and
organizations.
|
|
| |
|
|
|
| |
Apart from the above, there are other security measures
taken on each server
|
|
|
|
| |
|
Detection of any issues with the network, with risk levels
of any problems detected (from Low to Very High).
|
|
| |
|
Blocking of all the unwanted ports to prevent unauthorized
intrusion by exploiting the vulnerable ports.
|
|
| |
|
Changing the ports of services which are vulnerable to hack
attempts and DoS attacks to some other unused ports. For
example, the port of MS SQL 2000 port is changed from the
default from 1433 to 1422.
|
|
| |
|
Realtime Antivirus scanning for viruses as well as scheduled
scans to prevent viruses from entering the server.
|
|
| |
|
Realtime Email Antivirus scanning to prevent viruses from
entering the Users inbox.
|
|
| |
|
Setting security policies in the servers according to the
RFCs specified by the various advisories.
|
|
| |
|
Access to the servers
limited to the Server Administrator. |
|
| |
|
Daily incremental Backup of Data and Databases to prevent
the loss of data in event of a server failure.
|
|
| |
|
|
|
