DecoNetwork maintains the highest standards in server security to ensure that your information is protected. DecoNetwork has an extensive set of security measures in place to guard our servers against security vulnerabilities, such as data theft, spam, site hijacking, data corruption and denial of service attacks. You can rest assured that DecoNetwork follows industry standards and best practices to protect our servers against security risks.
This page provides you with answers to the frequently asked questions about DecoNetwork's server security measures.
Compliance with Security Standards
Question: Is DecoNetwork PCI compliant?
Answer: DecoNetwork is Level 1 PCI DSS compliant. This compliance extends to all online stores powered by DecoNetwork.
PCI DSS is the standard for protection of customer credit card information. For more information visit the PCI Compliance Guide website.
Question: How can I verify DecoNetwork's current PCI DSS compliance status?
Answer: You can run a PCI test against your DecoNetwork store using a free online PCI compliance test tool. Search "free PCI compliance test tool" in your browser to find a tool.
Question: What protocols does the DecoNetwork application support?
Answer: DecoNetwork supports JavaScript Object Notation (JSON), an open-standard, human-readable file format for exchanging structured data between servers and web applications.
Question: Are DecoNetwork’s security operations, policies, procedures, and standards compatible and in compliance with the ISO 27001 Security Standard?
Answer: DecoNetwork follows the practices outlined in the PCI Data Security Standard, where applicable, to keep information access secure.
Server Hardening Processes
Question: How does DecoNetwork secure its servers?
Answer: We do a number of things to protect your data against the most sophisticated cyber attacks. The following is a subset of our server security practices:
- DDoS Protection: We employ a third-party DDoS protection and mitigation service (DOSarrest) to protect against DDoS (Distributed Denial of Service) attacks. All traffic is routed through the DOSarrest network.
- SSH Key Authentication: SSH keys are used to secure the DecoNetwork servers against unauthorized access. SSH keys provide strong authentication for system administrators and encrypted data communications over the Internet.
- Secured Data Centers: DecoNetwork's servers are located in highly secure, third-party data centers with multiple layers of security controls to protect against unauthorized access and environmental threats.
- PCI Vulnerability Scanning: We use standard PCI scanning to identify security vulnerabilities such as SQL injection and cross-site scripting (XSS) flaws. Standard development practices are followed to prevent them.
- Sandbox Security: We use Docker containers to isolate the application in a sandbox environment to detect security threats and keep vulnerabilities from spreading.
- Two-Way Firewall: We have configured firewall rules to monitor both inbound and outbound connections for unwanted traffic.
Question: How does DecoNetwork monitor for threats?
Answer: DecoNetwork employs a number of tools to monitor server activity for malicious threats and intrusion attempts. We run OSSEC, a host-based intrusion detection system (HIDS), and Zabbix, a monitoring solution, to be notified of potential security and system issues. We also subscribe to vulnerability RSS feeds (www.cvedetails.com) to be notified of any known exploits for all software we are running.
Application Level Security
Question: Is the DecoNetwork application available as a public cloud, private cloud or on-premise install?
Answer: The DecoNetwork application is a public cloud service.
Question: How is my password secured?
Answer: DecoNetwork account passwords are stored as one-way salted hashes. This means that passwords are never transmitted or stored in clear text.
Question: How are user accounts managed?
Answer: User accounts to your DecoNetwork subscription are managed by you. You can add a number of users with different permissions in the back-end of your DecoNetwork account. The number of user accounts you can add depends on the plan that you subscribe to.
Question: Does DecoNetwork support SSO (single sign-on)?
Answer: DecoNetwork supports custom SSO integration in the form of an API add-on that uses JWT (JSON Web Token) single sign-on. Note that only Enterprise customers have access to this add-on, which is enabled via the App Store.
Question: Where are DecoNetwork's servers located?
Answer: Our servers are located in top-tier third-party data centers in the US. Our main application is hosted with Aptum in Los Angeles. Some elements of our service, including the CorelDRAW vector engine, are hosted with AWS.
Question: How is physical equipment secured?
Answer: This is done by our server providers, Aptum and AWS.
Both Aptum and AWS data centers have a combination of access controls and environmental safeguards in place to secure physical equipment.
Aptum safeguards against unauthorized access include:
- 24x7x365 video surveillance monitoring of the data center complex
- Centralized card access control system with dual-factor biometric authentication
- Mantrap entry system to prevent tailgating
Aptum safeguards against environmental factors include:
- All network equipment is on dedicated UPS/battery backup to ensure uptime
- Generator power backup with 24 hours of on-site fuel storage capacity in the event of a power outage
- Redundant air distribution on all mechanical components
- Pre-action dry pipe fire suppression system
- Hot/cold aisle containment: cold aisles are enclosed with polypropylene strip doors, with blanking panels fitted in cabinets
AWS safeguards against unauthorized access include:
- Locations in nondescript facilities
- 24/7 trained security guards
- Record keeping, video recording, storage and review of all physical access to the facilities
- Multi-factor authentication for physical access
AWS safeguards against environmental factors include:
- Automatic fire detection and suppression equipment
- Uninterruptible Power Supply (UPS) units to provide backup power in the event of an electrical failure
- Climate and temperature control to prevent overheating and reduce the possibility of power outages
Question: What information does DecoNetwork collect?
Answer: DecoNetwork collects information, including personally identifiable information (PII), for use only within the context of your DecoNetwork website. We collect customers' email, name, phone, login, and address. An IP address is stored in a login audit log, and against orders. Credit card details are not stored.
This information is collected mainly for the purpose of processing transactions. It also serves to improve customer service and improve service efficiency.
Question: How does DecoNetwork protect my information?
Answer: DecoNetwork uses Secure Sockets Layer (SSL) technology to transmit your information over a secure connection. Customers' PII is protected within the DecoNetwork application by only allowing access by authorized users.
Question: What mechanisms exist for me to access the data that DecoNetwork collects?
Answer: You can use the JSON API (application programming interface) to access order information. You can use the CSV export methods to access customer details.
Question: How does DecoNetwork safeguard my data?
Answer: DecoNetwork has the following safeguards in place to ensure that your data remains secure, private and available at all times:
- Data Encryption: All data transmitted to DecoNetwork is encrypted using industry-standard encryption (PKCS #1 SHA-256 with RSA).
- SSL Authentication: SSL (Secure Sockets Layer) certificates are used to authenticate the identity of your business and encrypt the data in transit.
- Secure Communication: All sensitive information and backend management is transmitted over the HyperText Transfer Protocol Secure (HTTPS) transport protocol.
- Regular Backups: To support data recovery, a rolling incremental, full snapshot of the database containing all information stored in the DecoNetwork application is taken multiple times a day. We are automatically notified of any issues with backups.
Question: What is DecoNetwork's procedure for restoring data should an issue occur?
Answer: The procedure depends on the issue. A full database restore of the system may be required, which involves the system being taken offline, or a partial database restore may suffice, which may or may not involve downtime.
Question: Does DecoNetwork keep security logs?
Answer: Yes, DecoNetwork logs system activity to enable security reviews, and analysis of the logs helps diagnose issues.
The DecoNetwork application keeps an internal audit log on major functions. A detailed DecoNetwork application request log is kept for 90 days. A log of every row-level change to our database is kept for over 90 days for internal use in tracking down any issues.
Business Hub keeps an order-centric event log for all major events related to an order.
OSSEC, a host-based intrusion detection system (HIDS), is used to analyze all server system logs and notifies DecoNetwork administrators when a rule is triggered.
Question: How can I access the logs?
Answer: Business Hub event and change logs are available within Business Hub. Other logs are only available to DecoNetwork.
Question: How do you monitor interactions between our systems and alert us of issues?
Answer: We do not monitor interactions between your system and ours.
If your system depends on an endpoint provided by DecoNetwork, it is your responsibility to monitor that endpoint. We internally monitor many systems and their metrics to proactively notify our internal technical staff before system issues occur. We monitor our system from an external perspective using Pingdom, a website performance monitoring tool.