Data Center & Network Operations
Moonlighting Web Management customers can rest easy with the security and reliability our network offers in delivering their website and email services to their customers. The entire network is hosted in a top world-class Data Center in Toronto, Canada.
NATIVE WINDOWS 2003 and NATIVE LINUX SHARED HOSTING
With our Windows 2003 plans you can use ASP, ASP.net, PHP, and MySQL databases from THE SAME PLAN. For hard-core Unix/Linux hosting you can choose our native Linux host plans. We offer the best of both worlds: the features of BOTH Unix and Windows 2003 on a single plan (our Windows 2003 plans), or a more Linux-based hosting platform. Your choice!
Customer websites are housed in a data center that is connected to multiple Tier 1 Internet providers in Canada and the US, and has peering relationships with a growing number of other networks. The network provides OC-48 connection speeds with GIG-E (multi-peered, in multiple locations), uncapped bandwidth, and burst bandwidth available on demand. No slow or expensive upgrades! The 100% Cisco-powered internal network prioritizes high performance and redundancy. The Data Center uses state-of-the-art, fault-tolerant software, utilizing Hot Standby Router Protocol (HSRP). On average we provide 99.9% availability of services running on the network.
PHYSICAL SECURITY
The Network has implemented procedures to ensure that our security, like our network, is absolutely redundant. Our Network Operations Centre (NOC) is manned 24 hours a day, 7 days a week, and security officers are present in all locations round-the-clock. Closed Circuit Television (CCTV) has been installed in the Data Centre. Access points are monitored and all activity is recorded and digitally archived. Access to all doors is monitored, recorded and time stamped on a card by card basis.
PERIMETER SECURITY via MULTI-TIERED FIREWALLING
Our services have been engineered and managed
by the best people in the industry, and here are the results:
Upstream Security:
Our upstream providers are constantly monitoring for DDoS,
port scans and other initial attacks. These services are monitored
24x7, with instant notification of suspicious actions.
Perimeter Security:
We employ a sophisticated set of advanced firewalls that do more than just block traffic! These devices (in an HA setup) provide protection against the normal attack parameters (smurf, spoofing, port scans, d/DDoS, etc.) but also return 'garbage' back to suspected potential attackers. That is, these devices, based on our custom parameters, will/may/can return false returns, vague returns, no returns, too many returns, etc.
These devices are part of a global network of advanced virus pattern matching. BEFORE the A/V companies have released a pattern update for a new worm, trojan, etc., our firewalls immediately start blocking email attachments (incoming/outgoing) from entering our server clusters. This means you are protected even before the AV companies have had time to respond!
Finally, our perimeter security systems are
integrated with a global organization that collates and collects
distributed attacks across many providers, and manages law
enforcement and ISP notifications.
Our servers are protected with software-based
firewalling:
These look at source and destination addresses, and source
and destination ports. Our systems are secured using the latest
security methods including router access list filtering on
inbound carrier feeds and firewalling at the SYN level on
internal devices. Our engineers are familiar with many types
of firewall applications, including CheckPoint, ipchains,
ipfw, ipfwadm, etc. We are able to modify response packets
with masquerade responses to the remote initiator.
Monitoring:
ALL of our services are monitored by a professional enterprise-class
monitoring system. All services, on all devices are monitored
on a protocol-level basis. To be clear, this is not just a
ping service. Each and every service is monitored on a protocol-by-protocol
basis (DNS, WWW, FTP, etc.). We additionally do
deep-level monitoring of all database services.
All servers are monitored from 4 geographically
diverse locations:
Florida, Los Angeles, Australia, and the UK. Service outages
are reported within 5 minutes, and our 24/7 on-site staff
are ready to respond.
Backup/Recovery:
Reliability and response are keys to our services. So, we
perform many backups and have them on hot-standby equipment
ready to be put into action. As such, all user content (mail,
web, ftp, etc.) is backed up every 2 hours and offloaded to
standby drive arrays. Every 4 hours, all databases are backed
up and replicated to the same multiple drive arrays. Once
a day, we perform a full backup of all devices. Daily backups
are replicated to a set of dedicated drive arrays in an incremental
image backup procedure.
These devices are encrypted, and drives removed
once a few for offsite, archival storage. Also, all data is
encrypted and sent offsite every 4 hours to our Disaster Recovery
(DR) facility at an undisclosed location. This facility is
our standby facility in the event of a very serious physical
attack on the facilities (bomb, terrorism, earthquake, etc.).
The DR facility is ready to be put into action at any time,
and functions as tertiary DNS and Mail services.
ANTI-VIRUS MEASURES
In addition to our sophisticated front-line defenses against viruses (see firewall above), we have full and advanced virus scanning (in memory and post-file scanning) operational on all devices.
In order to better protect our customers we also offer complementary full email scanning on all mailboxes for all users.
SERVER HARDWARE
We only use enterprise-class equipment. We are primarily a Dell shop, focusing on the Dell PowerEdge 1750 class machine. All components are redundant (drive, power supply, etc.), and we have a contract agreement for a maximum 4-hour onsite response time from Dell. All devices are managed by a private gigabit backbone that is used for command and control functions, in addition to secured backups and recovery of files. The private backbone infrastructure is dedicated purely to this functionality and is 100% separate from the Internet. All networking components use 1 Gb/s switched infrastructure, with redundant hardware components.