Our Security Approach
In order to reduce security risks to a minimum, a holistic approach to
security is required. Our security processes are born out of a clear
definition of the threats to our system.
Security threats are a result of the various interaction points that an
application provides to the external world, and the various users that can
interact with these interfaces. For instance, Your Customers, Your
Resellers, Your Staff, Our Staff, Anonymous Internet Users and Third Party
Servers are interacting with our Systems at any given point in time. Each
of these actors needs to have different access levels and different rights
and permissions.
Security Goals
Privacy - Information within our infrastructure and
systems will only be accessible by authorized users
Integrity - Data and information within our
infrastructure cannot be tampered with by any unauthorized user
Data Protection - Data within the systems cannot be
harmed, deleted or destroyed
Identification and Authentication - Ensures that any
user of the system is who he claims to be and eliminates chances of
impersonation
Network Service Protection - Ensures that networking
equipment is protected from malicious hacking attempts or attacks that
threaten uptime
Our Holistic Security Model
Our Security platform and process leverage multiple levels of
security - consisting of Security Systems and Equipment
combined with Security Procedures and Practices and Auditing
Processes, to ensure unparalleled security for all the
services we provide. The platform tackles security at 7 different levels:
Protection against Distributed Denial-of-Service (DDoS)
Attacks - Denial of Service is currently the top source of
financial loss due to cybercrime. The goal of a Denial-of-Service attack
is to disrupt your business activities by stopping the operation of your
web site, email or web applications. This is achieved by attacking the
servers or network that host these services and overloading the key
resources such as bandwidth, CPU and memory. The typical motives behind
such attacks are extortion, bragging rights, political statements,
damaging competition etc. Virtually any organization that connects to the
Internet is vulnerable to these attacks. The business impact of large
sustained DoS attacks is colossal, as it would lead to lost profits,
customer dissatisfaction, productivity loss etc. due to unavailability or
deterioration of service. A DoS attack in most cases would even land you
with the largest bandwidth overage invoice that you have ever seen.
Our Distributed Denial-of-Service protection system provides unrivaled
protection against DoS and DDoS attacks on your internet-facing
infrastructures i.e. your websites, email and mission critical web
applications, by using sophisticated state-of-the-art technology which
automatically triggers itself as soon as an attack is launched. The DDoS
mitigator's filtering system blocks almost all fraudulent traffic and
ensures that legitimate traffic is allowed up to the largest extent
possible. These systems have seamlessly protected several web sites from
large service outages caused by simultaneous attacks as large as 300+ Mbps
in the past, thus allowing organizations to focus on their Business.
Firewall Protection - Our round-the-clock firewall
protection system secures the perimeter and delivers the very best first
line of defense. It uses highly adaptive and advanced inspection
technology to safeguard your data, website, email and web applications by
blocking unauthorized network access. It ensures controlled connectivity
between the servers that store your data and the Internet through the
enforcement of security policies devised by subject matter experts.
Network Intrusion Detection System - Our network
intrusion detection, prevention and vulnerability management system
provides rapid, accurate and comprehensive protection against targeted
attacks, traffic anomalies, "unknown" worms, spyware/adware, network
viruses, rogue applications and other zero-day exploits. It uses
ultramodern high-performance network processors that carry out thousands
of checks on each packet flow simultaneously with no perceivable increase
in latency. As packets pass through our systems, they are fully
scrutinized to determine whether they are legitimate or harmful. This
method of instantaneous protection is the most effective mechanism of
ensuring that harmful attacks do not reach their targets.
Hardware Standardization - We have standardized on hardware vendors that
have a track record of high security standards and quality support. Most
of our infrastructure and datacenter partners use equipment from Cisco,
Juniper, HP, Dell etc.
Host-Based Intrusion Detection System - With the
advent of tools that are able to bypass port-blocking perimeter defense
systems such as firewalls, it is now essential for enterprises to deploy
a Host-based Intrusion Detection System (HIDS), which focuses on monitoring
and analysing the internals of a computing system. Our Host-based
Intrusion Detection System assists in detecting and pinpointing changes to
the system and configuration files - whether by accident, from malicious
tampering, or external intrusion - using heuristic scanners, host log
information, and by monitoring system activity. Rapid discovery of changes
decreases risk of potential damage, and also reduces troubleshooting and
recovery times, thus decreasing overall impact and improving security and
system availability.
Timely Application of Updates, Bug Fixes and Security
Patches - All servers are registered for automatic updates to
ensure that they always have the latest security patch installed and that
any new vulnerabilities are rectified as soon as possible. The largest
number of intrusions result from exploitation of known vulnerabilities,
configuration errors, or virus attacks where countermeasures are already
available. According to CERT, systems and networks are impacted by these
events as they have "not consistently" deployed the patches that were
released.
We fully understand the requirement for strong patch and update
management processes. As operating systems and server software get more
complex, each newer release is littered with security holes. Information
and updates for new security threats are released on an almost daily
basis. We have built consistent, repeatable processes and a reliable
auditing and reporting framework which ensures that all our systems are
always up-to-date.
Periodic Security Scans - Frequent checks are run
using enterprise grade security software to determine if any servers have
any known vulnerabilities. The servers are scanned against the most
comprehensive and up-to-date databases of known vulnerabilities. This
enables us to proactively protect our servers from attacks and ensure
business continuity by identifying security holes or vulnerabilities
before an attack occurs.
Pre-Upgrade Testing Processes - Software upgrades are
released frequently by various software vendors. While each vendor follows
their own testing procedures prior to release of any upgrade, they cannot
test inter-operability issues between various software. For instance, a new
release of a database may be tested by the Database vendor. However, the
impact of deploying this release on a production system running various
other FTP, Mail, Web Server software cannot be directly determined. Our
system administration team documents the impact analysis of various
software upgrades and if any of them are perceived to be high-risk,
they are first beta-tested in our labs before live deployment.