When security matters
Delivering secure services is at the very core of our business. Our engineers will help you make the right decisions for securing your applications, including initiating audits, risk assessments and penetration tests. See below for a detailed list of our Managed Security Services.
PCI-DSS Compliant Hosting Solutions from ISO27001 Certified Facilities
Your customers maintain trust in your online business's ability to secure and protect their data from theft. This extends well beyond credit card fraud as online businesses are increasingly finding themselves the targets of attacks that prove lucrative for identity theft and other forms of fraud.
The PCI (Payment Card Industry) prescribes a set of Data Security Standards (referred to as PCI-DSS) which help online businesses establish a baseline for securing their operations. PCI-DSS defines a set of 12 requirements, covering both policy and implementation, that help provide a solid baseline for ensuring compliance with these standards.
For the small number of cases where clients must store data themselves rather than using a third-party payment gateway, Conexim assists with activities around PCI-DSS Certification.
Addressing the 6 Goals of PCI-DSS Compliance
- Build and Maintain a Secure Network: Conexim's no-single-point-of-failure network operated from our ISO27001 Certified Data Centres provides a solid foundation from which to establish the right architecture and design an implementation that provides the necessary isolation between payment and customer data and the rest of your application.
- Protect Cardholder Data: Conexim helps establish maximum isolation between Cardholder data and other elements of your applications using firewalls, network isolation and encryption under a principle of least privilege while this data is both stored and in transit.
- Vulnerability Management Program: As part of our Managed Services, Conexim engineers help manage known and unknown vulnerabilities through services including Intrusion Detection and Prevention and Web Application Firewalls. Conexim also maintains patch management on all Managed Hosting Services through subscriptions to software vendor mailing lists and tools to help facilitate updates in a controlled manner.
- Implement Strong Access Control Measures: Access to Cardholder data is maintained strictly under an auditable, need-to-know basis applicable to both applications and personnel. Conexim helps maintain this at all levels including Physical Security and ensuring that individuals with access to data are uniquely identifiable at all times.
- Regularly Monitor and Test Networks: Intrusion Prevention and Detection, Network Anomaly Detection, Web Application Firewall log analysis and Penetration Testing enable Conexim to help customers stay one step ahead of known and emerging attacks on their online properties.
- Maintain an Information Security Policy: Conexim maintains detailed Information Security Policies which provide a solid foundation for ensuring that all implementations are maintained under a principle of least privilege when it comes to protecting customer data. Conexim helps clients ensure that their own Information Security Policies reflect PCI-DSS compliance requirements and the infrastructure that Conexim operates on their behalf.
Conexim provides full management of SSL Certificates from GeoTrust, Thawte and Symantec including EV (Extended Validation), Wildcard and SAN (Subject Alternative Name) Certificates, making the process simple and secure.
Conexim helps in selecting the most appropriate SSL certificate for your needs and assists with the complete SSL certificate lifecycle including:
- Selection: There is a multitude of SSL certificates available depending on specific needs. Conexim provides assistance in selecting the most appropriate SSL certificate for the level of trust and capability you require.
- Ordering: Conexim assists with the ordering process, ensuring the relevant details are made available to the signing Certification Authority.
- Installation: Conexim installs the certificate and fine-tunes the server to ensure that only the strongest ciphers are used and the weakest are disabled.
- Support: As part of server upgrades or changes to your application’s architecture, Conexim assists with any changes required to the configuration that uses your SSL certificate. If necessary, we assist with certificate re-issues and revocation.
- Renewal: Conexim notifies you well before the SSL certificate expires that a renewal is required, and makes the process completely hands-off once approved.
For private applications, or for secure, encrypted connections between Conexim-hosted infrastructure and your offices or employees, Conexim offers fully managed VPN Services.
Conexim offers two types of VPN:
- User IPSEC VPN: Securely connect your users from their PC, Mac or Linux Desktop to sites and applications hosted on Conexim’s infrastructure.
- Site-to-Site VPN: Securely connect offices or other infrastructure to Conexim’s managed hosting Services.
Conexim assists with setup and installation of IPSEC VPN Clients and/or routers for VPN access and manages all aspects of the VPN service including firewalling and routing.
Advanced Firewall, IPS and Threat Management
All of Conexim’s services are protected by high availability (HA) ICSA-Certified firewalls, which ensure that only those services intended to be made available to the Internet or other applications are exposed.
Conexim also designs solutions around multiple layers of firewalling from different hardware vendors incorporating full deep packet inspection, intrusion detection and prevention.
In addition to standard firewall services, Conexim provides Advanced Firewalling and Intrusion Prevention Services to further increase isolation and application security, often well above the requirements of standards such as PCI-DSS. This includes:
- Discrete Zones between different elements of your application, providing multiple levels of defence, protected by hardware firewalls.
- Intrusion Prevention Service detects and helps identify anomalies in network traffic that may represent reconnaissance/enumeration or an attempt to exploit a vulnerability in your application and can prevent the traffic reaching your application.
Web Application Firewall
As part of our comprehensive security-hardening system configurations, Conexim provides both external and host-based Web Application Firewalling to help protect web applications from the escalating number of attempts to exploit vulnerabilities in them.
As businesses come to rely on standardised platforms such as WordPress, Joomla, Magento and Drupal to run their Internet properties, outdated versions of these platforms and their associated plugins introduce significant risk to their owners. At a minimum, this can lead to defacement of web sites, or at worst, a highly damaging theft of confidential information.
Conexim uses Web Application Firewalling as a key component of our security strategy to help mitigate undiscovered vulnerabilities, in addition to our regime of best-practice patch management.
Web Application Firewalling looks at all aspects of requests to your public-facing sites and detects anomalies in all parts of the request before handing it over to your site or application.
Conexim’s engineers are experts at fine tuning Web Application Firewalling to address your application’s requirements while reducing false positives.
Anti-Virus and Anti-Malware Protection
Conexim offers Trend Micro antivirus to help protect customer web sites and applications from viruses and malware.
Trend Micro Enterprise Security is a tightly integrated offering of content security products, services and solutions powered by the Trend Micro Smart Protection Network™. Together they deliver immediate protection from emerging threats while greatly reducing the cost and complexity of security management.
Conexim uses Trend Micro Enterprise Security to help address several key elements of the PCI-DSS as part of a Vulnerability Protection Program customised to your sites and applications.