Security

We make it all connect

 

 

Multiple Levels of Security

We believe true system security must be built in from the ground up. In our efforts to protect and preserve the integrity of customer data at all times, we focus on the physical, network, and application levels of our service, and take measures to formulate an impenetrable "ring of security" around each. With the commitment that no single point of failure exists anywhere within your network, we continually improve the technological and procedural aspects of the network.  In our fast-paced technological world, constant evolution is critical to anticipate, react, and stay ahead of security issues, in order to provide the most secure and reliable web service application possible. This is how Kilbride Connectivity sets up a safe and secure network.

User Authentication

The administrator is able to adjust the level of security for each intranet site using various authentication options.  The level of security is therefore appropriate and customizable for each individual site and user.  There is no need for anyone except the administrator to have full administrative rights.

In addition to the standard login verification process, the administrator has the option of utilizing some or all of the enhanced login security features.  To ensure that users create passwords that are difficult for an intruder to guess, the administrator can require the user to use a combination of upper- and lowercase letters, numbers, and special characters.  The administrator also has the ability to increase the minimum character length of user passwords and can set an amount of time after which passwords expire, thus forcing users to periodically change their passwords.  When the account lockout feature is enabled, the user's account is automatically, temporarily disabled after three failed login attempts.  Another feature disables automatic login or the "remember me" feature that allows login information to be stored on the user's computer.

Permissions

Once access to the site has been established, the user will still need permission to perform certain actions such as viewing, editing, and downloading documents or applications. Any operating system used today is flexible enough to handle different access levels for different groups, yet easy to use for all users. Permissions are set by the site administrator for certain actions and by the manager of a document or database in other cases.

For example, the manager of a database may set who can read, add, or manage that particular database.  Permissions may be set for individual members or entire groups, and may be changed by the manager of the database.  This permissions system also applies to document management.  For example, if a person has been given permission by the administrator to manage a document folder, that user can then set permissions as to the level of access others will have to that folder.  If Accounting decides that they want to share their information only within their group, as managers of their folder, they can set "no access" permissions for other users.

Data Security

Your data must be protected by numerous layers of state-of-the-art hardware and software security features to prevent unauthorized individuals from gaining access to it. When multiple-layer network security is implemented, your system's data is safely sequestered well out of harm's way. The following sections give more detail regarding our approach to "defense-in-depth" security.

One of the first lines of defense is the router that sits in front of the firewall.  The rules in place on the router block the most prevalent virus attacks on the web by analyzing the header information.  Each packet is inspected and either granted access or tagged for denial before ever reaching the firewall.  Thus the router effectively eliminates unauthorized and unnecessary traffic and blocks it from gaining access.

Information passing through the router must next pass through the firewall. The firewall places strict limits on ports and protocols. An additional intrusion detection system behind the firewall provides supplementary protection above that provided by any other networks with which you are connected. If redundant links are used, then the load-balancing layer, while not strictly a security layer, also provides additional port screening and protocol protection. It has the ability to identify common DoS attacks and screen them from reaching the server.

The Web server layer runs Windows 2003 using IIS or an equivalent, perhaps with a Citrix or MetaFrame server as the application server. IIS is configured in the minimal configuration required to run the Terminal Server layer. Microsoft security patches are routinely evaluated, tested, and applied. Application servers are configured to process only HTTP requests. Other Internet protocols are disabled. Only when data is requested by an authenticated user does it pass through the Application server to service the user request.

 

 

Virus Scanning

Your servers, and indeed your entire environment, must use the latest version of McAfee Virus Scan or Norton Anti Virus virus detection software. Virus scanning should be automatically updated daily and be set to automatically clean any infected files that are placed on your intranet. Files that cannot be cleaned are rejected. We suggest using two different AV engines for redundancy.

Patches and Updates

All servers have been hardened at the operating system and directory levels.  Non-essential ports and services have been disabled.

Microsoft security patches are routinely evaluated, tested, and applied by the Kilbride Connectivity operations team.  We actively monitor the bug tracking sites and subscribe to all of the common email notification lists.  Critical patches are evaluated and applied if applicable within 24-72 hours of release.

Kilbride Connectivity stays abreast of the latest security developments in the industry and conducts periodic security audits of its systems.

 

System Redundancy

Our goal is to eliminate all single points of failure. Therefore, our service offers full redundancy of all system components to provide reliable, continuous, and secure service. This includes full redundancy with respect to hardware, power, Internet connectivity, and virus and spy detection. The type and degree of redundancy varies depending on the type of component, its criticality to the system and, of course, the performance needs of the system.

Regular Data Backups and Restore

Kilbride Connectivity data backup measures ensure that your previously stored and backed up information will be available to you in the event you inadvertently delete or overwrite critical data. 

Disaster Recovery Plan

Your business should be designed to withstand many foreseeable catastrophic failures such as power outages, contractor mishaps, fire, flood, and theft.  In the unlikely event of a catastrophic site failure, Kilbride Connectivity can help you develop a comprehensive recovery plan and put it in place. 

Downtime

We feel the best way to stop downtime in your business environment is through rigorously designing and testing redundant solutions. Bottom line, we feel it is totally inappropriate for your employees to ever say "we can't do that right now, the computers are down."

 

 

Send mail to CommuterComputer@cogeco.ca with questions or comments about this web site.