Security Center

The Premiere Mission Critical Datacenter in the Midwest

The facility is served by an industrial strength infrastructure that includes four fiber vaults and three electric power feeds, providing more than 100 megawatts of power. The building is currently the second‐largest power customer for Commonwealth Edison, trailing only Chicago’s O’Hare Airport. More than 50 generators throughout the building and multiple 30,000-gallon tanks of diesel fuel support grid power.

System Overview

  • SSAE16 Type I & II Certified
  • Screened Subnet Topology - The most secure (and most expensive) option .In this case, the DMZ is placed between two firewalls.
  • DMZ
    • SonicWall VPN Firewall
    • IIS Web Server
  • Internal Network
    • SonicWall VPN Firewall
    • Microsoft SQL Server
    • Data Storage
    • The internal network has no external IPs, so it cannot be accessed from outside the network
  • PCI Compliance
  • Extended Validation SSL
  • Uploaded documents are deleted from server - We delete all documents that were uploaded once the order has been successfully delivered to our client's processing center. All processed verification requests are delivered directly to the requestor.
  • StegAlyzerRTS Steganography Detection
    • Detect fingerprints of over 1000 steganography applications
    • Detect signatures of over 55 steganography applications
    • Send real-time alerts to network security administrators
    • Retain copies of suspect files for further analysis
    • Totally transparent to insiders
  • Force encryption to the SQL Server
    • Connection is encrypted between the Web Server and SQL Server
  • Host based Anti-Virus: Symantec Endpoint Protection
    • Host Intrusion Prevention Software (HIPS)
    • Host Intrusion Detection Software (HIDS)
    • Disable USB port on all hosts
  • Logs management: Tripwire Log Center
    • Log and Event management for security and compliance
    • Monitor drive space from a centralize location
  • Password policies and security features
    • Password length must be at least 7 characters long, contain at least one number and at least one letter, and cannot be the same as the login id
    • Account lockout after 5 failed attempts
    • Block concurrent user connections. Users cannot login with the same login id from different locations simultaneously
    • After 3 months of account inactivity, user needs to verify his/her account
    • Locks end users out after 15 minutes of inactivity
    • New Accounts require an End User to activate by validating the email address and entering temporary login and password, at which time they are prompted to choose a new password
    • BankVOD Administrator can limit access by specifying an IP Address Range
    • Ability to create a BankVOD account can be restricted by Company Name, Valid Company EMail Address and IP Address
  • Logon/warning message displayed during initial logon process
  • Source code is analyzed using WebInspect before uploading to the production environment