Download PDF

Overview of muchBeta services Security

Introduction

The issues of end-to-end security and end-to-end privacy within the Internet are far more sophisticated than those within a single in-house network. Ensuring the confidentiality, integrity, and availability of customer’s systems and data is of the utmost importance to muchBeta, as is maintaining trust and confidence. This document is intended to answer customer questions such as “How does muchBeta help me ensure my data is secure?” Specifically, muchBeta physical and operational security processes are described for network and infrastructure under muchBeta management, as well as service-specific security implementations.

Physical Security

muchBeta services rely mainly on Amazon as a computing, storage and security provider, having this company many years of experience in designing, constructing, and operating large-scale infrastructures. These data centers which are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

Operational Security

Security within muchBeta services is provided on multiple levels: The operating system (OS) of each server, a stateful firewall, the mandatory use of SSL on each and every request and also strong security policies within the web application itself . Each of these items builds on the capabilities of the others. The goal is to ensure that data contained within muchBeta services cannot be intercepted by non-authorized systems or users.

We regularly update operating systems, either by applying security patches or by completely upgrading OS to a more recent and stable version. All these steps are performed carefully and always with a fast rollback plan in mind, to ensure minimal downtime in case things don't work as expected during upgrades.

Our firewall blocks all traffic by default. Generally speaking, the only service "connectable to the world" is the web application. All other ports are normally closed, exception made to internal security audits that we periodically run, with the purpose of monitoring potential abuses/attacks.

All requests between customers browsers and a muchBeta server must be issued using SSL. This way, all data transfered between them is completely encrypted and protected from third party prying eyes.

muchBeta web applications are built with security in mind, implementing countermeasures such as authentication, access control, session management, input validation, error handling, logging and cryptography. Every action on the system is logged and all data received by each system is validated and audited. We strive to keep up with security standards and directives by applying defense in depth, using a positive security model, failing securely, running with least privilege, avoiding security by obscurity, keeping it simple and detecting and acting on intrusions.

Customers information security relies upon Confidentiality, Integrity and Availability.

We only allow access to data for which the user is permitted.
We ensure data is not tampered or altered by unauthorized users.
We ensure systems and data are available to authorized users when they need it.

Download PDF