Enscand, Inc. takes security very seriously. Today's competitive corporate environment, coupled with the immature, often insecure nature of modern computing, makes security important for almost any business. Below is a description of Enscand, Inc.'s baseline security provisions. Client requirements exceeding the following description can generally be accommodated upon request. This description is intended to give clients and potential clients a general idea of the level of security employed. Some details must obviously be omitted here for security's sake. In addition, it should be noted that the information contained on this page does not itself represent a security breach. All information on this page is either academic-only, or already obtainable by any sophisticated hacker. "Security-by-obscurity" is not relied upon as a primary security strategy.
Internet mail, web, and application services are provided on an Intel x86 Sun Solaris platform. Failover service is provided by an Intel SuSE Linux platform. The server is located behind a hardware firewall with only http (80), https (443), ssh (22), and smtp (25) ports open to the Internet side of the firewall. All sensitive web content is served with the secure (https) Apache web server, using SSL and digital certificates for encryption and server authentication. Any client login information is encrypted, and all login pages are themselves served via https. Many websites redirect login requests via a 3rd-party secure authentication domain (e.g. OpenID, Google, Facebook), making it difficult for users to tell whether their information is indeed protected with SSL encryption. OpenSSH is used for secure command-line remote administration using SSH2 strong cryptography. No telnet or insecure FTP access is allowed, nor are any other internet (WAN) services which employ clear-text password transmissions.
Communications
Sensitive email communications are provided by using a PGP client plug-in for Outlook to encrypt message content. DH/DSS keys are used for the encryption. Keys can be downloaded here and should be verified personally via electronic thumbprint before using. Postfix Solaris mail server is used as the SMTP mail transfer agent.
Office Security
Computing Security
All computer systems are access-controlled via password authentication supported by the
resident OSes. Primary networking is provided via 10 Mbps, 100 Mbps, and 1 Gbps Ethernet.
Wireless network access is gained via an 802.11b Wi-Fi router. Access is restricted with both
128-bit WEP encryption and MAC control, and the entire Wi-Fi network is kept on an "untrusted"
subnet by the Enscand Watchguard Firebox firewall.
Physical security at the Enscand, Inc. office in Seattle is provided via a custom intrusion
detection and alarm system. The custom system was chosen to accommodate flexible security
needs for the home office. In addition, while all security systems have weaknesses, many of
the common off-the-shelf systems available have weaknesses that are well-known to experienced
criminals. While more expensive, the custom system allows for easier upgrading as future
needs change. The system was also implemented as a demonstration of technical areas of
expertise. Entry alarms, motion detection, video surveillance and recording, and remote
monitoring/notification are all supported by the system. Backup data is locked in a hardened,
fire-proof physical safe.