General physical security policy and security systems

  • All company servers are located in a separate server room. The server room is locked and only authorized persons have access to the room.
  • Office building has 24/7 security.
  • Access to the office is allowed only for employees of the company (each employee has a personal access card).
  • Office network is completely internal.
  • Office has alarm system that is tuned on each time all employees leave the office.

Software security systems.

  • Inbound access to the internal network is totally forbidden by iptables firewall.
  • Only safe and required ports are open for outbound access from internal network (HTTP, HTTPS, email).
  • Intrusion detection system Snort with SnortSam is used for fast detection and prevention of potential attacks.
  • All services available from outside are hosted only on systems in DMZ that do not have access to internal network.
  • All traffic generated by company employees is logged by gateway.
  • ll email is automatically checked for viruses by email server.
  • Each workstation and server has Kaspersky Antivirus and Microsoft malware protection software installed which run on scheduled basis. All reports are automatically sent to system administrators. Unix/Linux systems are checked for malicious software by ClamAV on scheduled basis.
  • Strong security settings for all workstations are managed via domain security policy.
  • All browsers have strong security settings.
  • Microsoft WSUS is used to keep all system up-to-date with critical and advised OS and software updates.
  • All project-related data is transferred to customer via secure channels.

Ways to protect Client’s intellectual property against internal theft and external hacking.

  • Only engineers involved in a certain project have access to project-related data.
  • Each engineer involved in a project signs NDA that is passed to a customer and a copy is kept in the company.
  • All project related data is stored in version control system (SVN) on the dedicated server with scheduled backups.
  • All project specific data is protected by version control system security.
  • Version control system storage is protected by Windows security (or Linux security depending on which is chosen).
  • All server systems have strong security settings (Guest disabled, Administrator renamed and has strong password, default shares disabled, etc).
  • Servers are located in physically protected room.
  • Inbound access to internal network is totally forbidden by firewall.
  • Outbound access is also forbidden for server systems by firewall.