Cloud Security

• Multiple Rackspace(check Status) Data Centers
• Monthly backups are encrypted off site
• Only the strong password protected ssh key in control of our security manager has access to hosted environments
• Stable Linux branches are used and security updates are applied in under 3 hours
• Application Security SSL (prevent passwords collection from public Wifi, Additional Option)
• White list (prevent passwords guessing from known hostile networks)
• Session Security Level to 4 (prevent session hijacking)
• Minimum password length to 8 (make password guessing harder) Auto blacklisting Authentication report
• Active Directory Authentication Administrative Security Staff workstations use annual fresh installs of OS X to avoid most malware
• Payment information is transmitted and stored offline Only Senior staff have access to sensitive information

On-Premise Security (Client Options)

• Whole disk encryption (prevents bypassing security by reading the disk with another computer)
• Dedicated server (reduces exploitable surface area)
• Linux OS (protects from windows malware)
• Firewall blocking all but ssh and the noodle http[s] ports. (reduces exploitable surface area) ssh keys (prevents password guessing on ssh)
• Encrypted VPN or ssh tunnel (use with keys will prevent MITMA from a spoofed Wifi or an untrusted ISP or government)
• Anonymity networks like tor can be used (optionally with SSL or ssh) (in practice will prevent anyone, including governments, from knowing what server a user is talking to) Isolation; not, indirectly, NAT, or public network connection