Managing Your Data Security
Mediasphere understands the critical importance of protecting your data. We are committed to the fact that we must protect your data. As Mediasphere, an accredited and approved government provider, delivers secure online training solutions for major corporations, governments, organisations and education institutions, we provide a high level of security on three levels, hardware, application and database.
Identity Theft Protection
Identity theft refers to fraud that involves someone pretending to be someone else for their own gain. We apply the current best practice to protect your users’ identity theft including:
- Encrypted user password in database with strong encryption technique such as MD5 or SHA-1
- Use alpha numeric combination and case sensitive for user passwords.
- Minimalist approach in storing and displaying user private information.
Secure Access Policies
All users on your training website will be assigned the privileges based on their user level. This protection provides security with regard to access to administration portal. Your site administrator will have the access rights to add or delete any additional administration accounts. These administration accounts can be set as administrators or editors. There is also the option for your administrator to create additional administration accounts and set permissions and access rights to various modules.
Clients may request that Mediasphere add SSL encryption to the administration portal and the front end user portal. The SSL certificates provided by the client encrypt the data on the site. After the secure connection is made, the session key is used to encrypt all transmitted data. SSL allows sensitive information such as credit card numbers, private information and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted. The cost of applying your SSL certificate to your portal is a one-off fee of $550 inc. GST.
Session Hijacking Protection
Mediasphere uses file system based tracking for all users’ sessions to mitigate session hijacking and Cross-Server Scripting (XSS) potential. This means that every time a user logs on to your portal, it generates a new session value and stores the value in the database. On every page of training portal where authentication is required, the user session will be compared with the one stored in database. As the session is renewed, this guarantees a user dynamic session value, which makes it harder to duplicate or followed, thus providing a higher level of security.
Defamation of Site Protection
Mediasphere protects against defamation of the site by preventing unauthorised access to file servers. Our systems feature data validation on all forms and write access on files and folders permission (executable, read and write). The file upload directory has read / write access permissions to prevent malicious users from executing code remotely to gain access to the site.
IP Tables Software Firewall Security
IP Tables is a software firewall that provides a key layer of security. The software firewall controls all access to and from the server on designated ports, IP addresses and TCP and UDP layers. The firewall allows certain users from range of IP addresses to make requests to a designated port on the server or alternatively from server to IP addresses.
SQL injection Protection
SQL injection is a form of attack on a database-driven web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet. SQL Injection is a very common attack on search forms, login forms and most forms that send requests to server to access the server database. Mediasphere guards the input data submitted by user to eliminate unwanted code or SQL commands to be passed into the processing script. This is achieved by including all permissible file extensions (i.e. PDF, jpeg, js) and block all scripting type statements and non-approved file extensions.
Contact Our Network Management Team
To learn more about how we host your web portal and database on Rackspace’s scure infrastructure, please contact us on 1300 787 611 or +61 7 5555 0180. We also provide a global hosting network in six countries.