Uncategorized

Protection Against Unauthorized Users

Off-the-shelf operating systems have a flawed notion of trust: the privileged user is implicitly trusted. This leads to a variety of security problems. Many attempts have been made to fix this issue, including one within a top-notch United States military agency. However, these solutions have proven impractical for general business …

Tamper-resistant Logs

Our secure instances log Server General activities at four separate locations in real time. Even the administrators are unable to alter all four copies, since three copies are stored outside of their administrative control. This essentially nullifies log tampering attempts. Most auditors appreciate this approach.

Reduced Attack Surface

Operating system vendors design their products to support numerous applications in order to increase their usage. However, this approach results in a bloated operating system unfit to host any mission-critical application server securely. The PostgreSQL Secured by SG instance uses a trimmed-down version of the OS, thereby reducing the attack surface significantly. …

PCI Compliance

2.1 Always change vendor-supplied defaults before installing a system on the network—for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts.

2.2.1 Implement only one primary function per server.

2.2.2 Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform the …

HIPAA

HIPAA Security Rule Compliance with Server General

The HIPAA Security Rule requires health care organizations (covered entities and their business associates) to secure the protected health information (PHI) under their control at all times. The rule makes specific references to encryption, key management, access controls, risk management and auditing. The HITECH Act, on the other …
