Best Practices Security Information
There are several technologies that should be implemented by a
computer system/network to make it as secure as possible for the given
time, budget, and resources available. Richweb implements ALL of the
technologies below:
A. Firewalls (host-based and network-level)
B. SSL (application-level encryption between web browser and web server)
C. Intrusion Detection
D. System Access Auditing, Monitoring, Connection Tracking, Logging
E. Deployment of Anti-virus and Trojan Horse Protection
F. Deployment of Software Patches/Updates to Address Security Fixes
A. Firewalls
1. Richweb implements a layered firewall solution to prevent a single
point of failure that results in a compromise or customer information
disclosure. The firewalls are configured as a redundant system, one
master and one hot spare, with version control used to sync the
configuration from the master to the spare. The firewalls provide a
log audit trail of denied connections, though some commonly accessed
ports that are probed constantly are dropped and ignored rather than
cluttering the log files with thousands of irrelevant lines.
EACH co-location network is protected by a network firewall. This
network firewall blocks 99% of all unwanted traffic and allows the
hosts behind the firewall to concentrate on application processing.
EACH application server has a host-based firewall that is tailored to
meet the EXACT security requirements of that host. This ensures that a
mistake or oversight on the network firewall cannot automatically
leave a host vulnerable. In fact, the host still enjoys 100% protection
due to its own rule sets.
B. Secure Sockets Layer (SSL Certificate)
The Richweb SSL Solution addresses your security needs by protecting
traffic from all web browsers to and from your Richweb-hosted web
application server with 128-bit encryption. SSL certificates also allow
the site to be verified as authentic and not spoofed, so that attackers
cannot execute password-stealing scams.
C. Intrusion Detection
Richweb uses host-based intrusion detection (rkhunter and AIDE) to
detect application tampering. Richweb also uses vserver technology to
isolate each application into a private security context where needed.
D. System access auditing and monitoring, connection tracking, logging
Richweb has daily audit programs (automated and manual) that verify
that system usage on each of the servers is normal.
E. Deployment of Anti-virus and Trojan Horse protection
Richweb scans (and blocks as appropriate) all inbound email for viruses
and Trojan Horse components as well as phishing and scam mails.
It is recommended that ALL customers also run their own desktop or
server-based anti-virus technology on all incoming customer email,
especially since many users have web-based email accounts that receive
mail from different domains where the filtering may not be as good as
the filtering at Richweb.
F. Deployment of Software Patches and Updates to Address Security Fixes
Richweb performs patch management 3 times weekly on all servers.
Richweb does not use Microsoft Windows products so the patch
management process for our servers is not as involved as with MS servers. The
patches are tested on our R&D servers, and then applied. In the event
a 0-day vulnerability is discovered, Richweb patches the servers
on an accelerated schedule.
G. System and Software Version Control Management
Richweb utilizes 2 different techniques to ensure that the servers are running authorized and consistent loads of software. The dpkg program is used to extract a list of all software packages that are loaded on each server. The dpkg listing is maintained in a Subversion (svn) repository, which allows server builds to be tracked over time for changes as well as compared to each other. This tool allows Richweb to easily check that servers are both up to date and consistent with each other.
Subversion (svn) is a software system that manages concurrent versioning (multiple readers and writers) for both software development and systems configuration management. Richweb uses svn to track and manage all versions of customer software, both released and in development. In addition, the engineering team uses text logs that are stored in Subversion to track server changes such as hardware updates, software updates, operating system tweaks, firewall ruleset changes, etc. This provides an audit trail of who changed what, when, and why.
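The server-to-server comparison of dpkg listings described in section G can be sketched as follows. This is an added example, not Richweb's own tooling; the function names, the manifest file names and the sample package data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Each manifest holds "package<TAB>version" lines, which on a
# Debian host can be produced with:
#   dpkg-query -W -f='${Package}\t${Version}\n' > web1.txt
# and then committed to svn so builds can be compared over time.

# pkg_drift BASELINE OTHER
# Prints one tab-separated line per difference and returns 1 if any exist:
#   EXTRA    pkg  version               installed on OTHER only
#   MISSING  pkg  version               installed on BASELINE only
#   VERSION  pkg  baseline_ver  other_ver
pkg_drift() {
    # "side=..." arguments are awk variable assignments applied just before
    # the file that follows them, so empty manifests are handled correctly.
    drift=$(awk -F '\t' '
        side == "base" { base[$1] = $2; next }
        {
            seen[$1] = 1
            if (!($1 in base))        print "EXTRA\t" $1 "\t" $2
            else if (base[$1] != $2)  print "VERSION\t" $1 "\t" base[$1] "\t" $2
        }
        END {
            for (p in base)
                if (!(p in seen)) print "MISSING\t" p "\t" base[p]
        }' side=base "$1" side=other "$2" | LC_ALL=C sort)
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample manifests for two hypothetical servers, web1 and web2.
demo_drift() {
    dir=$(mktemp -d) || return 2
    printf 'aide\t0.16-1\nopenssl\t1.1.1n-0+deb10u3\nrkhunter\t1.4.6-5\n' \
        > "$dir/web1.txt"
    printf 'netcat\t1.10-41\nopenssl\t1.1.1d-0+deb10u2\nrkhunter\t1.4.6-5\n' \
        > "$dir/web2.txt"
    rc=0
    pkg_drift "$dir/web1.txt" "$dir/web2.txt" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_drift || true
```

An EXTRA line flags software present on one server that the baseline never authorized, and a VERSION line flags a server that missed (or received early) a patch cycle.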
