
SECURITY

 

Last Updated: August 20, 2023

 

How do we Maintain Data Security of our Customers?

 

  • We maintain two-factor authentication for FullStro.
  • Our Secure Shell (SSH) access is all password protected.
  • All our computers and devices running FullStro service tools are secured and up to date.
  • All employees of FullStro are trained in data security practices.
  • Employees of FullStro are regulated and only authorized to their respective data security level. We have built an internal system in which different permission levels are required of employees.

 

Infrastructure Hardening

 

  • Servers run the latest security updates and are patched immediately when a kernel vulnerability is published.
  • Servers are hosted in EU regions.
  • We maintain denial-of-service protections everywhere (this ensures service resiliency under attack).
  • In case of a hardware failure, we maintain an architectural replication procedure in micro-services that ensures service continuity.
  • Our databases are all replicated around the world in different layers.
  • Our networks are protected with firewalls.
  • The system has a monitoring method that makes us aware of issues before they affect our customers.
  • FullStro infrastructure was designed and developed to keep running properly in case of server incidents or failure.
  • All FullStro are secured with DNSSEC.
  • FullStro's SSH services have been designed to avoid any public reachability and are limited to a set of allowed IPs.
  • Any IP involved in misuse is automatically banned or rate-limited (prevents brute-force attacks on accounts).

 

FullStro implements the GDPR regulation. Customers can find our GDPR-oriented policy here.

 

Ubiquitous Encryption

 

Encryption has become so cheap and convenient today that it’s now possible to enable it everywhere. All public network channels on the FullStro platform are fully encrypted. This applies to both asset loading (Web resources) and real-time chat channels (user messages and user data).

 

Our encryption techniques implement state-of-the-art practices:

 

  • Strong TLS keys: RSA, 2048 bits
  • Elliptic-Curve Cryptography
  • Forward-Secrecy with Diffie-Hellman parameters
  • HTTP Strict Transport Security

 

We dropped legacy encryption methods to alleviate known attacks:

 

  • The old SSL protocol is completely disabled (we use TLS)
  • Legacy ciphers are disabled (e.g. RC4)

 

This allows you and your users to stay safe:

 

  • Hide the data as it is being transmitted on the network
  • Prevent all modification of data as it is being transmitted on the network
  • Prevent MITM (man-in-the-middle) attacks
  • Allow the service to work on restricted networks, over strict proxies