Security measures
What security measures are taken?
- The Linux servers and data are protected by a firewall. Access to the server is managed by using SSH. The Linux servers are monthly provided with the latest upgrades and security patches.
- The software is regularly part of penetration testing or auditing procedures of some of our clients. If improvements are recognized generic solutions (if possible) are implemented so that any application can benefit. After the explicit approval of CrossmarX, clients are allowed to audit the application.
What monitoring is done?
- Servers CrossmarX, workload and resource consumption. On anomalous values actions can be taken.
- Applications: relevant entries. For example if strangers on major entries do many failed attempts to log in.
- Illogical facts. Unusually many requests and loops.
- The supplier of the virtual servers gives indication of DDOS attacks.
- The supplier of virtual servers provides information with respect to the health of switches and routers. When overloaded a switch will be made.
What specific measures are possible for my specific application?
- User login using SSL.
- Domain-specific certificate.
- Encrypted storage of passwords.
- IP authentication. Certain usergroups may only access the application from allowed and known IP addresses.
- Enforce password strength
- Encrypt specific fields and their values in the database (additional costs).
- You can analyse vulnerabilities and possible risks in the backstage.