Security Precautions for TravisHosting
TravisHosting sits in a "managed hosting" facility in Houston, Texas and employs a "security in depth" approach to networking. This approach assumes that a hacking attack will occur, and takes all known steps to make sure that even if a hacker breaks past one layer of secure, several more are standing in front of him.
Network Firewall
TravisHosting sits behind a set of redundant Cisco PIX 515 firewalls. These firewalls are the industry standard for securing web servers. The PIX acts as an intrusion detection device, and instantly drops invalid or suspicious connections. The only open "ports" to connect to TravisHosting are Web (80), SSL (443), and FTP (21). By closing off all other ports, we limit the surface area of our servers and protect them from "Script Kiddies", worms and viruses.
Security Sandbox
Each copy of TravisFlex Internet Access Module (TFIAM) and TravisCobra Internet Access Module (TCIAM) runs in its own sandbox on the webserver, with its own Windows Account. This account only has access to the directories and files contained within its sandbox.
Security Patching Schedule
Since most security exploits occur due to an old version of the Operating System, TravisHosting server is patched regularly with all vendor specifications. Service Packs are tested in our beta environment before going live, usually within 48 hours. All critical security patches are tested and applied as soon as possible, usually the same day.
.NET Security
TravisHosting runs on Windows 2003 Web Edition with the .NET Framework installed. This gives us out-of-the-box functionality to secure access to data. Users will not be able to download files that they should not have access to, such as sensitive database files. All the user can do is browse the site and view the HTML and images necessary to view TCIAM or TFIAM.
Data Transmission Security
All TravisHosting sites run under 128 bit SSL encryption, commonly referred to as HTTPS or SSL. This is the industry standard for browsing secure websites such as online banking, mortgage approvals, and purchasing goods online. This ensures that only the person using their web-browser can view sensitive data; if someone hacks into their web-connection, all they will see is encrypted junk.
Physical Security
Armed Security Staff are rotating through the TravisHosting datacenter 24 hours a day, 7 days a week. Badge-only access and a biometric reader further limits access to the DataCenter. The combination of these physical security measures with ongoing video surveillance ensures the privacy.
Data Availability and Backups
In order to provide the foundation for data recovery, weekly full image backups are performed on application data and operating systems. These backups are supplemented with daily incremental backups. The amount of data transferred for backups is based on the amount of data being stored on disk and how often it changes. Since we perform incremental backups every night, if you change all of your files every day, then each one of the incremental backups will be a full backup to tape every night. Our weekly backups are retained onsite for two weeks and then shipped offsite for two weeks. Monthly backups are shipped offsite and retained for 90 days; quarterly backups are shipped offsite and retained for one calendar year.
Disaster Recovery
TravisHosting is hosted in a "managed hosting" facility located in Houston, Texas operated by Vericenter, a national hosting organization. Vericenter manages and monitors the Houston facility where the TravisHosting servers are installed 24/7, and we have the option of relocating the servers to any other Vericenter facility at any time. Vericenter backs up the TravisHosting data off-site nightly, and one of the sites to which that data is backed up is our office facility in Houston. Another is to our Disaster Site located in Lewisville, Texas, and another is a secure location away from Houston The second operating backup to Vericenter is located at OurDataWorks in Lewisville, Texas, which has an operationally-identical facility to the one in our Houston offices, and which has agreed to provide Travis with office space, desks, and communication bandwidth should it be required. We have tested the TravisHosting system on the servers at ODW, and anticipate that should it be necessary for Travis to relocate to Lewisville, the outage to TravisHosting customers would be less than two calendar days.