MOFFATIG.PLUS.COM - Security
This note is intended to help you understand how this web site is secured and make an informed decision as to whether it is safe to use.
The owners of web sites hosted on this server have access to more detailed documentation for audit purposes which is not being placed in the public domain.
This web site is hosted on a computer at the Owner's premises, which are locked when not attended and are accessible only to the Owner and to invited, escorted visitors. The premises are protected by CCTV with motion detection and recording.
The internet connection is provided by a subsidiary of the UK's largest telecommunications
operator and is independent of the Owner's domestic internet access connection.
The web server is protected by NAT and access lists in the internet connection router and by an independent host-based firewall, which both duplicates the router access list (so a misconfiguration in one layer is still caught by the other) and adds more specific restrictions on remote access to protected parts of the site. Administrative users must log on to the network with credentials different from those required by their authorised applications on the server before they can reach any server application. All denied connections are logged. A network traffic monitoring tool is in operation, and GeoIP information is looked up and recorded for blocked packets. Access from the internet to the server is limited to the ports required for the published applications; all other access is blocked both at the router and by the host-based firewall.
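As an added illustration of the logging described above (this is not the site's own monitoring tool), the following Python reads kernel firewall DROP lines in the iptables/nftables LOG format, counts blocked packets by destination port and by source address, and tags each source with a country from a small prefix table. The log lines, the DROP-IN: log prefix, the addresses and the prefix-to-country table are all constructed for the example; a real deployment would consult a GeoIP database rather than a hand-written list.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of kernel log lines in the iptables/nftables LOG format
# (documentation address ranges; not real traffic from this server).
SAMPLE_LOG = """\
Mar  3 02:11:05 web kernel: [ 8123.441] DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:11:09 web kernel: [ 8127.002] DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=TCP SPT=6000 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 02:11:10 web kernel: [ 8128.117] DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=2 PROTO=TCP SPT=6001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 02:11:12 web kernel: [ 8130.500] usb 1-1: new high-speed USB device number 4 using xhci_hcd
Mar  3 02:11:15 web kernel: [ 8133.230] DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:86:dd SRC=2001:db8:1::7 DST=2001:db8:2::10 LEN=64 TC=0 HOPLIMIT=60 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=161 LEN=24
"""

# Constructed prefix -> country table (hypothetical mapping for the example).
GEOIP_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "GB"),
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
]

# Field order SRC ... PROTO ... DPT is the order the kernel LOG target emits.
DROP_RE = re.compile(
    r"\bDROP-IN:.*\bSRC=(?P<src>\S+).*\bPROTO=(?P<proto>\S+).*\bDPT=(?P<dpt>\d+)"
)


def parse_drop_line(line):
    """Return (src_ip, proto, dst_port) for a firewall DROP line, else None."""
    m = DROP_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
    except ValueError:  # malformed address: skip rather than crash the summary
        return None
    return src, m.group("proto"), int(m.group("dpt"))


def lookup_country(ip, table=GEOIP_TABLE):
    """Longest-prefix match against the table; '??' when nothing matches."""
    best = None
    for net, cc in table:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cc)
    return best[1] if best else "??"


def summarise(log_text, table=GEOIP_TABLE):
    """Counts of blocked packets by port, by source country and by source IP."""
    by_port, by_country, by_source = Counter(), Counter(), Counter()
    total = 0
    for line in log_text.splitlines():
        parsed = parse_drop_line(line)
        if parsed is None:
            continue  # not a DROP line (other kernel messages are ignored)
        src, proto, dpt = parsed
        total += 1
        by_port[f"{proto}/{dpt}"] += 1
        by_country[lookup_country(src, table)] += 1
        by_source[str(src)] += 1
    return {"total": total, "by_port": by_port,
            "by_country": by_country, "by_source": by_source}


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{report['total']} blocked packets")
    for key in ("by_port", "by_country", "by_source"):
        print(key, dict(report[key]))
```

Sources with no entry in the table are reported as "??" rather than dropped, so gaps in the GeoIP data show up in the report instead of silently hiding traffic.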
This site is hosted on a Linux web server running the current version of a major distribution and is patched regularly. The Owner subscribes to the distribution's mailing list and patches are usually applied on the day they are announced.
All access to the server, apart from the public web pages, requires a password. Separate usernames and passwords are used for different levels of access, and every user must present a personal username and password; there are no shared accounts.
The server has been built to US DoD standards and incorporates modern Linux security measures such as SELinux policies, encrypted file systems and a host-based intrusion detection system with real-time alerts to the Owner. Daily security audits are run and the reports are available to authorised users on a password-protected page. The file system encryption password is not stored in any readable form, so the Owner must be present to enter it when the system is booted. Limited battery backup keeps the system running through short power cuts, so it stays on line without the Owner having to re-enter the password.
In general, all public content other than index or login pages is either static HTML or protected by a password, to limit the attack surface. GeoIP restrictions are used to limit the attack surface further where feasible. Administrative web pages are on a separate virtual server with additional network access
HTTPS is used with a free certificate from letsencrypt.org. This is sufficient to protect information in transit between a web browser and the server, but a domain-validated certificate of this kind does not provide robust proof that the server is owned and operated by the person who claims to do so. All that the certificate proves is that whoever requested it controlled this domain name, or the web server answering for it, at the time the certificate was issued (and again at each automatic renewal, since Let's Encrypt certificates are short-lived). This is considered adequate for the time being as no financial information is stored or processed. End users are advised not to use the same credentials for any
On-site backups are made daily to a removable disk drive. These backups are held in a Linux EncFS file system protected by AES encryption with 192-bit keys. The password is not stored, and the server will not mount the backup until the Owner provides the password.
Off-site backups are made daily. Encrypted backups are stored in Amazon S3 in the London Region in the UK. Amazon have declared that this service will be GDPR compliant with regard to their servers, network and operational procedures as of 25th May 2018, but make clear that it is their customers' responsibility to protect data from unauthorised access. To that end the data is encrypted with AES using 192-bit keys before it leaves our premises, and the backup provider does not hold the keys. Without the key, neither the backup provider nor anyone else can decrypt the files held in Amazon S3 to recover your or our information.
To allow the backups to be retrieved in the event of the Owner's death, it is intended to give a partial secret key to each hosted web site owner and to place a further part with a neutral party, constructed so that the information needed to retrieve the backups from AWS S3 and decrypt them is available to any quorum of 4 of the 5 parts, while any 3 or fewer parts reveal nothing about the secret; see Shamir's Secret Sharing and Gnu GFShare for a technical explanation of the method proposed. Each secret keeper will receive a zip file containing the encrypted AWS and EncFS credentials, a technical note on restoration and one of the five shares of the secret. Coordination of any necessary recovery will be done by the Felixstowe and District ARS as lead stakeholder.
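As an added example of the 4-of-5 threshold scheme described above (this is not code from the page or from gfshare), the following Python implements Shamir's Secret Sharing byte by byte over GF(2^8), the field gfshare also works in. Each byte of the secret becomes the constant term of a random degree-3 polynomial evaluated at x = 1..5; any 4 evaluations recover the byte by Lagrange interpolation at x = 0, and fewer than 4 cannot. The reduction polynomial is the AES one (x^8 + x^4 + x^3 + x + 1); wire compatibility with gfshare's share files is not claimed, and the sample secret is constructed for the example.

```python
import os

# GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
# Assumption for this example only: gfshare's exact share format is not reproduced.
IRREDUCIBLE = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (0..255) modulo IRREDUCIBLE."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= IRREDUCIBLE
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^(2^8 - 2) by square-and-multiply; a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def split_secret(secret: bytes, k: int, n: int) -> dict:
    """Split `secret` into n shares so that any k of them reconstruct it.

    Each byte is the constant term a0 of a random polynomial of degree k-1,
    evaluated at x = 1..n.  Returns {x: share_bytes}.
    """
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        coeffs = [byte] + list(os.urandom(k - 1))  # a0 = secret byte, rest random
        for x in shares:
            y = 0
            for c in reversed(coeffs):  # Horner's rule: y = (...(a_{k-1} x + a_{k-2}) x ...) + a0
                y = gf_mul(y, x) ^ c
            shares[x].append(y)
    return {x: bytes(s) for x, s in shares.items()}


def recover_secret(shares: dict, k: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from any k shares."""
    if len(shares) < k:
        raise ValueError(f"need at least {k} shares, got {len(shares)}")
    xs = sorted(shares)[:k]
    length = len(shares[xs[0]])
    if any(len(shares[x]) != length for x in xs):
        raise ValueError("shares differ in length")
    secret = bytearray()
    for i in range(length):
        acc = 0
        for xi in xs:
            num = den = 1
            for xj in xs:
                if xj != xi:
                    num = gf_mul(num, xj)       # (0 - xj) == xj in characteristic 2
                    den = gf_mul(den, xi ^ xj)  # (xi - xj) == xi XOR xj
            acc ^= gf_mul(shares[xi][i], gf_mul(num, gf_inv(den)))
        secret.append(acc)
    return bytes(secret)


if __name__ == "__main__":
    # Constructed stand-in for the credential bundle; 4-of-5 as on the page.
    SECRET = b"constructed-example-passphrase"
    shares = split_secret(SECRET, k=4, n=5)
    without_keeper_3 = {x: s for x, s in shares.items() if x != 3}
    assert recover_secret(without_keeper_3, 4) == SECRET
    print("recovered with 4 of 5 shares")
```

Because each keeper's share is a full-length byte string, the practical weaknesses are operational rather than mathematical: shares must be stored with the same care as the secret itself, and the technical note distributed with them should record which x value each keeper holds, since recovery needs the (x, share) pairs, not the share bytes alone.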
Copyright © Iain Moffat 2018