Chaos Ergonomics

 
 

DSEasy Web Server Security

1. Traffic security

All network traffic between the client browser and the DSEasy.net server can be encrypted with a 128-bit key under SSL (Secure Sockets Layer), as used by all bank and credit card transactions. This is an optional module requiring an individual certificate and domain name.
The standard is: http://www.thawte.com

2. Web server security

The DSEasy web server is a high-performance, fault-tolerant, dedicated Unix server providing high levels of technical security.

3. Database and Application security

The embedded security model provides private, encrypted password storage and page-level user validation to preserve the privacy and integrity of client data.

4. General

The DSEasy application has been developed to the Government e-GIF and OWASP standards. This requires best-practice standards of application architecture and the use of open-standard, non-proprietary technologies.

5. Server site Physical Security and Approvals

Host ISP meets the following standards:
GCat
NHScat
PASA
ISO9000
BS7799 (Currently awaiting auditing for approval)

This, combined with CCTV, access control swipe cards, very restricted access to the Data Centre and regular security audits by external parties, ensures we provide a safe and secure environment.

Secure server configuration and application architecture
The development team behind DSEasy.net are accredited contractors to the NHS and are experienced in protecting the most sensitive level of data held within a web application to OWASP standards. We currently host several Government Servers and provide Internet service to Local and Regional authorities as well as Police Authorities and major computer secure site developers.

6. Disposal of data

Hard disk disposal:
Data is ‘erased’ by writing random data to the disk 50 times, which will ‘erase’ all trace of the original data.

7. Virus protection

ClamAV is in place. Visit http://sourceforge.net for complete authenticity details.

8. Backups

Data is backed up each night and saved in an encrypted file on an offsite server.

9. VPN and Firewalls

Cisco Firewall
VPN connections available by arrangement
Specification and pricing on request.

 
 

© 2006 Chaos Ergonomics | PO Box 140, Tavistock, Devon, PL19 9WF | support@dsecompliance.co.uk