Metawerx Security Features
Metawerx has a strong background in computer and network security, which started as an interest in the late 1980s. These days, we still provide security consultancy services to both hosted and self-hosted clients in Melbourne, focussing on web-based application issues such as cross-site scripting, HTML and SQL injection, session hijacking and security auditing for web applications.
The features we have in place to protect our server equipment, your data and your privacy are detailed below. If you have questions about any of the items below, or your specific security requirements, we would be happy to discuss them with you in more detail.
Data Privacy and Protection
- Backup data is kept under the same conditions as live data
- Customer data is completely removed on request
- Password changes and access to account data require a 3-part authorization process
- All Metawerx personnel are under strict Non-Disclosure Agreements
- A personal accounts manager deals with all clients, and knows each one
- Your data and privacy will always be handled with the highest regard
Data Centre Security
- 24/7/365 security camera surveillance inside and outside the data centre
- Over 30 cameras covering all rooms and racks
- Digital recording on motion
- No access permitted without prior arrangement
- Non-ground-level server rooms; no unauthorized access to lifts or stairs
- Maximum-security data area, requires biometric authentication, smart-card and ID badge authentication
- Biometric palm reader
- Anti-pass-back system, travel must be uni-directional
- Anti-tailgate system with man-trap, preventing access to server rooms; only one person may pass through at a time
- Interlocked doors
- See the Data Centre page for more information about our data centre
Server Physical Security
- Unlabeled servers and unlabeled racks; only Metawerx and data centre staff know which servers are Metawerx servers
- Locked server cages, with separate keys per rack segment
- Separate keys required for power cable access, no shared access to power cables
- Separate keys required for network cable access, no shared access to network cables
Security Monitoring
- Automated systems block port-scans and brute-force attacks on key services 24/7/365
- Technicians are sent alerts if suspicious activity is taking place and will monitor, block or physically disconnect hardware if necessary
- Action is taken on increased network activity, or suspicious probing activity
Network and Java Security (Managed Servers and Java Hosting)
- Encrypted transfer facilities for transferring sensitive data to/from server
- Intruder detection and blocking system
- Anti-Port-Scan system
- Fine-tuned Java security policies per VM (Managed VMs)
- Java log scans for security exceptions
- Rapidly patched, firewalled operating systems
- Secure sandboxing of all accounts and services
- Securely OS-sandboxed dedicated VMs on Windows and Linux
Advanced SSL Security (Managed Servers and Managed JVM Hosting)
- 256-bit SSL/TLS encryption enabled
- 4096-bit private keys for your CSR
- Secure SSL renegotiation
- Weak/Medium ciphers disabled (Tomcat 4.1.32 or higher required, option to re-enable for older browsers in Export-Restricted countries)
- SSLv2 protocol support disabled (Tomcat 4.1.32 or higher required)
- TLSv1.2 protocol support (JDK1.7 or higher required)
- Elliptic Curve cryptography enabled (faster SSL encryption on newer browsers and mobile devices)
- Minimum 256-bit mode option (default is 128; 256+ provides maximum SSL encryption for private systems, but will not work with IE6 and older browsers)
- PCI compliant, FIPS-ready SSL setup available (according to tests at Qualys SSL Labs, score of 98)
Contact us to discuss your requirements, or for a faster setup, select a plan from the Plan-based pricing pages.
We are often commended for our high quality services and fast delivery. Sign up and you will see why!