Security from the outside to the inside
This is the type of security that most people think of it - keeping the bad guys on the internet at bay. You'll be glad to know that our approach
to this security threat has a number of different layers, and we're not relying on a single process to protect your server.
Firewalls
Using a pair of high-availability (if one fails, the other takes over) ICSA Certified Sonicwall Pro4100s, we have genuine firewalls protecting your server
as the first line of defence.
Even though it's our first line of defence, it's a formidable system. As well as carrying out the traditional firewalling feats such as
restricting access to ports and services, our firewalls also provide a UTM (Unified Threat Management) system that detects and prevents attacks from
viruses, spyware, trojans, exploits, and malformed packets, and perform other types of intruder detection and prevention.
Click image for larger view
The firewalls are extremely powerful, capable of dealing with up to 600,000 concurrent connections at 800mbps in normal firewalling mode. The only
thing that should get past our firewalls is the traffic that is supposed to get past them.
Hardened Servers
Even though we're sure that the traffic reaching your server is safe, we err on the side of caution and make sure we harden your server as if
the firewalls don't exist. It's a fine line between securing your server fully, and allowing the server to function without issues, but we have a
number of systems in place to help protect you.
Tightened Permissions, Disabled Services, and reduced Attack Surface
We disable unnecessary services and tighten permissions on the drives (particularly the root drive), to make it extremely difficult for anyone to
exploit your server. We also make a number of registry changes to reduce the attack surface of your server and to make your server as secure as
possible without compromising usability.
IPSEC Policy or Windows Firewall
In most cases, we install a custom IPSEC policy (depending upon the server's ultimate function) to restrict incoming and outgoing traffic to specific
ports. This can be a complicated business, but the IPSEC policy acts like a traditional firewall to give your server excellent protection from
unwanted connections.
In some cases we'll use Windows Firewall instead of an IPSEC policy, or in extreme cases we'll install a 3rd party software firewall to provide a high-level
of network protection.
Anti-Virus Software
We view the security of your server as being a fundamental part of our service to you. We don't believe security is something
to be "added on" at extra cost, and that's why we install server anti-virus software on all servers and VPSs. The software updates itself
several times a day to make sure your protection is complete and up-to-date.
Anti-Spyware and Anti-Trojan Software
Finally, we install anti-spyware and anti-trojan software to all servers and VPSs to help protect them from new and emerging threats that may
have found a way to get on to your server. This software regularly scans your server for problems, and reports any suspicious software or activity.
Patch Management
If your server is being fully managed by us, we'll keep your Operating System updated with the latest security patches from Microsoft. In
other circumstances where Administrator access to your server is not available, we also carry out this process on a monthly basis.