Our network security and monitoring techniques are designed to provide multiple layers of protection and defense. We use firewalls to protect our network from unauthorized access and undesirable traffic. Our systems are segmented into separate networks to protect sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting Zeekoi production infrastructure.
We monitor firewall access on a strict, regular schedule. A network engineer reviews all changes made to the firewall every day. Additionally, these changes are reviewed every three months to update and revise the rules. Our dedicated Network Operations Center team monitors the infrastructure and applications for any discrepancies or suspicious activities. All crucial parameters are continuously monitored using our proprietary tool, and notifications are triggered in any instance of abnormal or suspicious activity in our production environment.
We use technologies from well-established and trustworthy service providers to prevent DDoS attacks on the servers. These technologies offer multiple DDoS mitigation capabilities to prevent disruptions caused by bad traffic, while allowing good traffic through. This keeps our websites, applications, and APIs highly available and performing.
All servers provisioned for development and testing activities are hardened (by disabling unused ports and accounts, removing default passwords, etc.). The base Operating System (OS) image has server hardening built into it, and this OS image is provisioned in the servers, to ensure consistency across servers.
Our intrusion detection mechanism takes note of host-based signals on individual devices and network-based signals from monitoring points within the servers. Administrative access, use of privileged commands, and system calls on all servers in our production network are logged. Rules and machine intelligence built on top of this data give security engineers warnings of possible incidents. At the application layer, we have our proprietary WAF which operates on both whitelist and blacklist rules.
At the Internet Service Provider (ISP) level, a multi-layered security approach is implemented with scrubbing, network routing, rate limiting, and filtering to handle attacks from the network layer to the application layer. This system provides clean traffic, reliable proxy service, and prompt reporting of attacks, if any.
Zeekoi uses DigitalOcean services to host your data. Even with public WiFi connections, passwords to Zeekoi products cannot be stolen. Users can confidently open Zeekoi products in public places through WiFi or mobile network connections.
Zeekoi is accessed exclusively through an SSL connection, from initial authorization to the downloading and uploading of company data.
A change management policy controls each update and new feature to guarantee that all application changes are approved before being put into production. Our Software Development Life Cycle (SDLC) requires adherence to secure coding standards as well as manual review methods, vulnerability scanners, and tools for analysing code modifications for potential security flaws.
Our strong security architecture, which is built on OWASP standards and applied at the application layer, offers functionality to counteract threats like SQL injection, cross-site scripting, and application-layer DoS attacks.
For our clients, our framework manages and distributes cloud storage. Using a collection of secure protocols built into the framework, each customer’s service data is logically segregated from that of other customers. As a result, no customer’s service information is made available to another customer. When you use our services, the service data is saved on the DigitalOcean server. For more about DigitalOcean privacy, see https://www.digitalocean.com/legal/privacy-policy
You are the owner of your data, not Zeekoi. Without your permission, we do not disclose this information to any outside parties.
In transit: All customer data transmitted to our servers over public networks is protected using strong encryption protocols. We mandate that all connections to our servers use Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, for all connections including web access, API access, our mobile apps, and IMAP/POP/SMTP email client access. This ensures a secure connection by allowing the authentication of both parties involved in the connection, and by encrypting data to be transferred. Additionally, for email, our services leverage opportunistic TLS by default. TLS encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol.
We have full support for Perfect Forward Secrecy (PFS) with our encrypted connections, which ensures that even if we were somehow compromised in the future, no previous communication could be decrypted. We have enabled the HTTP Strict Transport Security (HSTS) header for all our web connections. This tells all modern browsers to only connect to us over an encrypted connection, even if you type a URL to an insecure page at our site. Additionally, on the web we flag all our authentication cookies as secure.
At rest: Sensitive customer data at rest is encrypted using 256-bit Advanced Encryption Standard (AES). The data that is encrypted at rest varies with the services you opt for. We own and maintain the keys using our in-house Key Management Service (KMS). We provide additional layers of security by encrypting the data encryption keys using master keys. The master keys and data encryption keys are physically separated and stored in different servers with limited access.
We hold the data in your account as long as you choose to use Zeekoi Services. Once you terminate your Zeekoi user account, your data will be deleted from the active database. If your unpaid account is inactive for a continuous period of 90 days, we reserve the right to terminate it after giving you prior notice.
A specialized server environment which does not allow write access to the local file system is used along with a customized PHP module which ensures isolation among users and security of user data.
Data transfer for all users is carried out via an SSL-encrypted connection (with a 256-bit key
Zeekoi proactive protection blocks 100% of web attacks attempting to use application vulnerabilities. Malicious users do not have any opportunity to load malicious code via PHP. The web application conforms to WAFEC 1.0 standards. Access to Zeekoi products is provided to users (companies) in complete isolation from other users, with hashed passwords protected with cryptographically strong algorithms. Limitation to specific subnets and logging of potentially threatening activity is also possible.
We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimize the risk of data exposure.
At the level of the operating system, the Zeekoi web server is behind a firewall where all ports are closed with the exception of those which are used for system purposes. Technical access to the server is carried out exclusively through Zeekoi subnets.
We track and examine data from services, internal network traffic, and usage of devices and terminals. We keep track of this data in the form of event logs, audit logs, fault logs, administrator logs, and operator logs. To a reasonable extent, these logs are automatically monitored and analysed to help us spot anomalies such as attempts to access customer data or strange activity in employee accounts. In order to administer access control centrally and guarantee availability, we store these logs on a secure server that is segregated from full system access.
We run incremental backups every day and weekly full backups of our databases using Zeekoi Admin Console (ZAC). Backup data in the DC is stored in the same location and encrypted using the AES 256-bit algorithm. We store them in tar.gz format. All backed-up data is retained for a period of three months. If a customer requests data recovery within the retention period, we will restore their data and provide secure access to it. The timeline for data restoration depends on the size of the data and the complexity involved.
To ensure the safety of the backed-up data, we use a redundant array of independent disks (RAID) in the backup servers. All backups are scheduled and tracked regularly. In case of a failure, a re-run is initiated and the failure is fixed immediately. The integrity and validation checks of the full backups are done automatically by the ZAC tool.
From your end, we strongly recommend scheduling regular backups of your data by exporting it from the respective Zeekoi services and storing it locally in your infrastructure.
So far, we have discussed what we do to offer security on various fronts to our customers. Here are the things that you as a customer can do to ensure security from your end:
© 2022, Zeekoi Enterprise Solutions PVT. LTD. All Rights Reserved.