NETWORK AND DATA CENTER OPERATIONS
BGP4 TECHNOLOGY
Customers are housed in a data center that is connected to multiple Tier
1 Internet providers in Canada and the US, and has peering relationships
with a growing number of other networks. The data center boasts OC-192 connection speeds
(multi-peered, in multiple locations), uncapped bandwidth, and burst
bandwidth available on demand. No slow or expensive upgrades! The 100% Cisco-powered
internal network prioritizes high performance and redundancy. The
Data Center uses state of the art, fault tolerant software, utilizing Hot
Standby Router Protocol (HSRP), and guaranteeing 99.9% uptime.
PHYSICAL SECURITY
The Network has implemented procedures to ensure that our security, like
our network, is absolutely redundant. Our Network Operations Centre (NOC)
is manned 24 hours a day, 7 days a week, and security officers are present
in all locations round-the-clock. Closed Circuit Television (CCTV) has been
installed in the Data Centres. Access points are monitored and all activity
is recorded and digitally archived. Access to all doors is monitored, recorded
and time stamped on a card by card basis.
PERIMETER SECURITY via MULTI-TIERED FIREWALLING
Our services have been engineered and managed by the best people in the industry,
and here are the results:
Upstream Security:
Our upstream providers are constantly monitoring for DDoS, port scans and
other initial attacks. These services are monitored 24x7, with instant
notification of suspicious actions.
Perimeter Security:
We are employing a sophisticated set of advanced firewalls that do more than
just block traffic! These devices (in an HA setup) provide protection
against the normal attack parameters (smurf, spoofing, port scans, DoS/DDoS,
etc.) but also return 'garbage' back to the suspected potential attackers.
That is, these devices, based on our custom parameters, will/may/can return
false returns, vague returns, no returns, too many returns, etc.
These devices are part of a global network of advanced virus pattern matching.
BEFORE the A/V companies have released a pattern update for a new worm,
trojan, etc., our firewalls immediately start blocking email attachments
(incoming/outgoing) from entering our server clusters. This means you are
protected even before the AV companies have had time to respond!
Finally, our perimeter security systems are integrated with a global organization
that collates and collects distributed attacks across many providers, and
manages law enforcement and ISP notifications.
Our servers are protected with software-based firewalling:
These look at source and destination addresses, and source and destination
ports. Our systems are secured using the latest security methods including
router access list filtering on inbound carrier feeds and firewalling at
the SYN level on internal devices. Our engineers are familiar with many types
of firewall applications, including CheckPoint, ipchains, ipfw, ipfwadm,
etc. We are able to modify response packets with masquerade responses to
the remote initiator.
Monitoring:
ALL of our services are monitored by a professional enterprise-class monitoring
system. All services, on all devices are monitored on a protocol-level basis.
To be clear, this is not just a ping service. Each and every service is monitored
on a protocol-by-protocol basis (DNS, WWW, FTP, etc.). We additionally do
deep-level monitoring of all database services.
All servers are monitored from 4 geographically diverse locations:
Florida, Los Angeles, Australia, and the UK. Service outages are reported
within 5 minutes, and our 24/7 on-site staff are ready to respond.
Backup/Recovery:
Reliability and response are keys to our services. So, we perform many backups
and have them on hot-standby equipment ready to be put into action. As such,
all user content (mail, web, ftp, etc.) is backed up on a bi-hourly basis and
offloaded to standby drive arrays. Every 4 hours, all databases are
backed up and replicated to the same multiple drive arrays. Once a day,
we perform a full backup of all devices. Hourly and daily backups are
replicated to a set of dedicated drive arrays in an incremental image backup
procedure.
These devices are encrypted, and drives are removed weekly for offsite, archival
storage. Also, all data is encrypted and sent offsite every day to our
Disaster Recovery (DR) facility at an undisclosed location. This facility
is our standby facility in the event of a very serious physical attack on
the facilities (bomb, terrorism, earthquake, etc.). The DR facility is ready
to be put into action at any time, and does function as tertiary DNS and
Mail services. Based on our testing, a complete disaster recovery would take
a few hours to have absolutely all services functional after an unlikely,
very serious disaster at our primary facilities.
ALSO IN DEVELOPMENT: we will have a global failover solution in place which
will make all sites and services load-balanced in 2 different countries,
eliminating ANY delays in a DR scenario.
ANTI-VIRUS MEASURES
In addition to our sophisticated front-line defences against viruses (see
firewall above), we have full and advanced virus scanning (in memory and
post-file scanning) operational on all devices. Additionally,
we offer complementary full email scanning on all mailboxes for all users.
SERVER HARDWARE
We only use enterprise-class equipment. We are primarily a Dell shop, focussing
on the Dell PowerEdge 1750 class machine. All components are redundant (drive,
power supply, etc.), and we have a contract agreement for a maximum 4-hour onsite
response time from Dell. All devices are managed by a private gigabit backbone
that is used for command and control functions, in addition to secured backups
and recovery of files.
The private backbone infrastructure is dedicated purely
to this functionality and is 100% separate from the Internet. All networking
components are using 1 Gb/s switched infrastructure, with redundant hardware
components.