Dotsilicon Limited - Security
 +88 01617 222 444

Security


Our Holistic Security Approach In order to reduce security risks to minimum, a holistic approach to security is required. Our security processes are born out of a clear definition of the threats to our system. Security threats are a result of the various interaction points that an application provides to the external world, and the various users that can interact with these interfaces. For instance Your Customers, Your Resellers, Your staff, Our Staff, Anonymous Internet Users and Third Party Servers are interacting with our Systems at any given point of time. Each of these actors need to have different access levels and different rights and permissions.

Security Goals

Our Holistic Security Model Our Security platform and process leverage on multiple levels of security - consisting of Security Systems and Equipment1 combined with Security Procedures and Practices2 and Auditing Processes3, to ensure unparalleled security for all the services we provide. The platform tackles security at 7 different levels.

Level 1 - Datacenter Security Our global datacenter partnerships are a result of a comprehensive Due diligence process. Security and stability are two of the most important variables in our due diligence process. All datacenters are equipped with surveillance cameras, biometric locks, authorization-based access policies, limited datacenter access, security personnel, and similar standard security equipment, processes and operations. What separates us however is the fact that our due diligence process also incorporates a measure of proactiveness demonstrated by the datacenter towards security. This is measured by evaluating past practices, customer case studies, and the amount of time the datacenter dedicates towards security research and study.

Level 2 - Network Security Our global infrastructure deployments incorporate DDOS mitigators, Intrusion Detection systems, and Firewalls both at the edge and the Rack level. Our deployments have weathered frequent hacking and DDOS attempts (sometimes as many as 3 in a single day) without any degradation. Protection against Distributed Denial-of-Service (DDoS) Attacks Denial of Service is currently the top source of financial loss due to cybercrime. The goal of a Denial-of-Service attack is to disrupt your business activities by stopping the operation of your web site, email or web applications. This is achieved by attacking the servers or network that host these services and overloading the key resources such as bandwidth, CPU and memory. The typical motives behind such attacks are extortion, bragging rights, political statements, damaging competition etc. Virtually any organization that connects to the Internet is vulnerable to these attacks. The business impact of large sustained DoS attacks is colossal, as it would lead to lost profits, customer dissatisfaction, productivity loss etc due to inavailability or deterioration of service. A DoS attack in most cases would even land you with the largest bandwidth overage invoice that you have ever seen. Our Distributed Denial-of-Service protection system provides unrivaled protection against DoS and DDoS attacks on your internet-facing infrastructures i.e. your websites, email and mission critical web applications, by using sophisticated state-of-the-art technology which automatically triggers itself as soon as an attack is launched. The DDoS mitigator’s filtering system blocks almost all fraudulent traffic and ensures that legitimate traffic is allowed up to the largest extent possible. These systems have seamlessly protected several web sites from large service outages caused by simultaneous attacks as large as 300+ Mbps in the past, thus allowing organizations to focus on their Business.

Level 3 - Host Security Hardware Standardization We have standardized on hardware vendors that have a track record of high security standards and quality support. Most of our infrastructure and datacenter partners use equipment from Cisco, Juniper, HP, Dell etc.

Level 4 - Software Security Our applications run on myriad systems with myriad server software. Operating Systems include various flavors of Linux, BSD, Windows. Server Software includes versions and flavors of Apache, IIS, Resin, Tomcat, Postgres, MySQL, MSSQL, Qmail, Sendmail, Proftpd etc etc. We ensure security despite the diverse portfolio of software products we utilize by following a process-oriented approach

Level 5 - Application Security All of the application software that is used in the platform is built by us. We do not outsource development. Any 3rd party Products or Components go through comprehensive training and testing procedures where all elements of such products are broken down and knowledge about their architecture and implementation is transferred to our team. This allows us to completely control all variables involved in any particular Product. All applications are engineered using our proprietary Product Engineering Process which follows a proactive approach towards security. Each application is broken down into various components such as User Interface, Core API, Backend Database etc. Each layer of abstraction has its own security checks, despite the security checks performed by a higher abstraction layer. All sensitive data is stored in an encrypted format. Our engineering and development practices ensure the highest level of security with regards to all application software.

Level 6 - Personnel Security The weakest link in the security chain is always the people you trust. Personnel, Development staff, Vendors, essentially anyone that has privileged access to your system. Our Holistic Security Approach attempts to minimize security risk brought on by the “Human Factor”. Information is divulged only on a “need-to-know” basis. Authorization expires upon the expiry of the requirement. Personnel are coached specifically in security measures and the criticality of observing them. Every employee that has administrator privileges to any of our servers goes through a comprehensive background check. Companies that skip out on this are putting to risk all sensitive and important data belonging to their customers, as no matter how much money is invested into high-end security solutions, one wrong hire - having the right amount of access - can cause greater damage than any external attack.

Level 7 - Security Audit Processes In a vast deployment of globally distributed servers, audit processes are required to ensure process replication and discipline. Are all servers being patched regularly? Are the backup scripts running all the time? Are offsite backups being rotated as desired? Are appropriate reference checks being performed on all personnel? Is the security equipment sending out timely alerts? These and many such questions are regularly verified in an out-of-band process that involves investigation, surveys, ethical hacking attempts, interviews etc. Our audit mechanisms alert us to a kink in our security processes before it is discovered by external users.



Address

DOTSILICON LIMITED
Bangladesh Office # 1:
SAASCO Group
Holding # 1/A, Plot # 27 (2nd Floor)
Milk Vita Road, Mirpur-7, Dhaka 1216.

Bangladesh Office # 2:
House # 485, Level # 1, Road # 05
Madrasha Road, East Kazipara
Mirpur, Dhaka-1216.

[Our Firmgate Support Centre is no longer available since Aug 2019]

Australia Office:
12 Campbell Street, Punchbowl, Australia.

Contact

Email: info@dotsilicon.com
Bangladesh Sales: +88 0161 5678 000
Global Hotline: +1 551 300 0029
Australia Hotline: +61 045 775 7756
Abuse Report: report@dotsilicon.com

Support

Need Help or Support?
Send email at support@dotsilicon.com
Click here to send your message
Domain Control Panel