ICANN Registry Proposal
Registry Operator's Proposal - TECHNICAL CAPABILITIES AND PLAN
D15.2.9. System
security. Technical and physical capabilities and procedures
to prevent system hacks, break-ins, data tampering, and other
disruptions to operations. Physical security.
Security is an important centerpiece of our business. WebVision uses proven practices, methodology, processes, and tools to monitor and maintain its own as well its clients' network and systems security, which includes real-time alerting and response capabilities. Our security approach provides safeguards against any single point of failure or vulnerability, with continuous improvements. WebVision has a complete security package rather than an ala Carte collection of security tools, and is a standard component of the company's hosting and collocation services.
WebVision security services include a choice of leading firewals, intrusion detection, frequent vulnerability checks, monitoring, and rapid response.
WebVision has affiliated with leading security product vendors. Firewall choices include Checkpoint Firewall-1 and Cisco PIX. ISS' RealSecure software is used internally and offered for Intrusion Detection.
WebVision provides a "Honey Pot" and active monitoring as part of its intrusion detection service, which is a rather rare advanced capability. A honey pot is a dedicated system into which intruders are redirected. It gives the appearance of a successful intrusion, while keeping the intruder away from critical systems and gathering evidence about their actions.
In addition to these physical, systems, and network security measures, WebVision provides a wealth of professional security services, which include:
- Security assessments and reviews
- Vulnerability analysis
- Security Policy planning
- Security System Design
- Incident Response & Incident response training
- Investigation services
- Security-specific service-level agreements
It is important to note that the extent of these protections is difficult to apply to a remodel or retrofit data center, but WebVision’s facilities have been built from the ground up for this purpose.
The firewall and intrusion detection offerings include service level agreements (SLAs) for response to threats and downtime. Some features to augment the SLA’s are:
- Off-site backup services
- Rapid recovery and failover procedures
- System configuration assessment & Systems hardening recommendations
- Periodic vulnerability scanning for viruses, core dump software, Trojan Horse software and any other exceptions
- Proactive Security Monitoring
WebVision’s security officers review all incident logs, perform periodic security scans and tests, and are in constant touch with outside security industry experts in order to stay informed on the latest security threats such as Denial of Service and Distributed Denial of Service programs, Viruses, Trogan Horse software, Sniffers and other security compromising software, tools and techniques used by Hackers. A complete security threat response procedure is in place, which includes notification to customers of the status and remedy.
Physical Security:
Each WebVision IDC has a team of Armed security guards. Logs are kept for all entrances and exits to the IDC’s. In addition, the main IDC hosting floor has a separate secured entrance only accessible once inside the Data Center. Another security guard is positioned inside the Data Center Hosting area. The perimeters are fully alarmed and cameras are in place that are being monitored and recorded. New videotapes are used every day with the saved tapes sent to offsite storage. There are a total of approx. 16 surveillance cameras in each data center.
|