MOFFATIG.PLUS.COM - Security

This note is intended to help you understand how this web site is secured and to make an informed decision as to whether it is safe to use. The owners of web sites hosted on this server have access to more detailed documentation for audit purposes, which is not being placed in the public domain.

Physical Security

This web site is hosted on a computer at the Owner's premises, which are locked when not attended and are accessible only to the Owner and to invited, escorted visitors. The premises are protected by CCTV with motion detection and recording.

Network Security

The internet connection is provided by a subsidiary of the UK's largest telecommunications operator and is independent of the Owner's domestic internet access connection.

The web server is protected by NAT and access lists in the internet connection router, and by an independent host-based firewall that duplicates the router access list and adds further, more specific restrictions on remote access to protected parts of the site. Administrative users must log on to the network with credentials that are different from those required by their authorised applications on the server before they can reach those applications. All denied connections are logged. A network traffic monitoring tool is in operation, and the source country (GeoIP) of each blocked packet is logged and recorded.

Access from the internet to the server is limited to the ports required for the published applications. All other access is blocked both at the router and by the host-based firewall.

Server Security

This site is hosted on a Linux web server running the current version of a major distribution, which is patched regularly. The Owner subscribes to the distribution's mailing list, and patches are usually applied on the day they are announced.

All access to the server, apart from the public web pages, requires a password. Separate usernames and passwords are used for the different levels of access, and every user must log in with a personal username and password.

The server has been hardened to US DoD standards and incorporates modern Linux security measures such as SELinux policies, encrypted file systems and a host-based intrusion detection system that sends real-time alerts to the Owner. Daily security audits are run, and the reports are available on a password-protected page to authorised users. The file system encryption password is not stored in readable form, so the Owner must be present whenever the system is booted. Limited battery backup is provided so that the system remains running through short power cuts and comes back on line without the Owner needing to re-enter the password.

Web Security

In general, all public content other than index or login pages is either static HTML or protected by passwords, to limit the attack surface. GeoIP restrictions are used to limit the attack surface further where feasible. Administrative web pages are on a separate virtual server with additional network access controls.

HTTPS is used with a free certificate from letsencrypt.org. This is sufficient to protect information in transit between a web browser and the server, but it does not provide robust proof that the server is owned and operated by the person who claims to do so: Let's Encrypt issues domain-validated certificates, which only prove that whoever requested the certificate controlled the domain name (by answering a DNS or web challenge) at the time the certificate was issued. This is considered adequate for the time being, as no financial information is stored or processed. End users are advised not to use the same credentials for any other service.

Backups

On Site

On-site backups are made daily to a removable disk drive. These backups are held in a Linux EncFS file system protected by AES encryption with 192-bit keys. The password is not stored, and the server will not mount the backup until the Owner provides the password.

Off Site

Off site backups are made daily.

Encrypted backups are stored in Amazon S3 in Amazon's London region in the UK. Amazon have declared that this service will be GDPR compliant with regard to their servers, network and operational procedures as of 25th May 2018, but make clear that it is the customer's responsibility to protect data from unauthorised access. To that end the backups are encrypted with AES using 192-bit keys before the data leaves our premises, and the backup provider does not hold the keys. Neither the backup provider nor anyone else can decrypt the files held in Amazon S3 to recover your or our information without those keys.

To allow the backups to be retrieved in the event of the Owner's death, it is intended to give each hosted web site owner one part of a shared secret and to place a further part with a neutral party, constructed so that the information needed to retrieve the backups from AWS S3 and decrypt them can be reconstructed from any 4 of the 5 parts, but from no fewer; see Shamir's Secret Sharing and Gnu GFShare for a technical explanation of the method proposed. Each secret keeper will receive a zip file containing the encrypted AWS and EncFS credentials, a technical note on restoration and one of the five shares. Coordination of any necessary recovery will be done by the Felixstowe and District ARS as lead stakeholder.
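The following is an added worked example of the 4-of-5 scheme described above; it is not the site's own recovery procedure and not gfshare's code. It implements Shamir's secret sharing byte by byte over GF(2^8), which is the approach gfshare takes, using the AES reduction polynomial 0x11b (an assumption: gfshare's own field tables and share file format are not reproduced, so shares produced here are not interchangeable with gfshare's). The secret and share indices are constructed sample values.

```python
"""Shamir's secret sharing, byte-wise over GF(2^8): a 4-of-5 worked example.

Added example, not the page's procedure nor gfshare's code.
Assumption: the field is GF(2^8) with the AES polynomial
x^8 + x^4 + x^3 + x + 1 (0x11b); gfshare's tables and share
format differ, so these shares are not interchangeable with its files.
"""
import secrets

POLY = 0x11B  # GF(2^8) reduction polynomial (assumption, see above)


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (0..255) in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 for non-zero a in GF(2^8)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def split_secret(secret: bytes, k: int, n: int) -> dict:
    """Split `secret` into n shares {index: bytes}; any k reconstruct it.

    Each secret byte is the constant term of a fresh random polynomial of
    degree k-1; share x holds that polynomial evaluated at x (x = 1..n).
    """
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x in shares:
            y = 0
            for c in reversed(coeffs):  # Horner's rule, highest coefficient first
                y = gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(v) for x, v in shares.items()}


def recover_secret(shares: dict) -> bytes:
    """Lagrange-interpolate each byte at x = 0 from the supplied shares.

    With at least k consistent shares this returns the secret. With fewer
    it silently returns unrelated bytes: the scheme gives no hint that the
    quorum was not met, so a recovery note must state the threshold.
    """
    xs = list(shares)
    length = len(shares[xs[0]])
    out = bytearray()
    for i in range(length):
        acc = 0
        for xi in xs:
            num, den = 1, 1
            for xj in xs:
                if xj != xi:
                    num = gf_mul(num, xj)       # (0 - xj) == xj in characteristic 2
                    den = gf_mul(den, xi ^ xj)  # (xi - xj) == xi XOR xj
            acc ^= gf_mul(shares[xi][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample standing in for the passphrase that unlocks the
    # encrypted AWS and EncFS credentials; never share the real one this way.
    key = b"example-passphrase-not-a-real-secret"
    shares = split_secret(key, k=4, n=5)
    print(recover_secret({x: shares[x] for x in (1, 2, 4, 5)}) == key)  # True
    print(recover_secret({x: shares[x] for x in (1, 2, 3)}) == key)     # False
```

Two practical points follow from the example. Any three keepers together learn nothing about the secret, but 4-of-5 tolerates the loss of only one share: if two keepers' zip files are lost or they cannot be contacted, the backups are unrecoverable, so the keepers and the lead stakeholder need to be chosen with that in mind. And because reconstruction with too few shares yields plausible-looking garbage rather than an error, the technical note in each zip file should state the threshold and give a way to confirm a correct recovery (for example, that the recovered passphrase actually decrypts the credentials).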



Copyright © Iain Moffat 2018