Security at PCSmart Group
Last modified on 02 August 2015 01:00 PM
We are committed to ensuring the security of both our own and our customers' infrastructure. This article details some of the procedures and methodologies we have in place.
All of our servers are hosted in leading datacentre facilities with locked racks and multiple layers of onsite security including high perimeter fencing, biometrics and anti-tailgating.
By default we block port 25 for VPS services via www.pcsmarthosting.com or www.xensmart.co.uk in order to prevent spam and unsolicited mail. Any VPS customer requiring port 25 will need to submit a ticket detailing their mail activities, which will then be verified by the management team. We can block both IP addresses and ports at the host-machine and network level, and carry out per-IP analysis with Cisco NetFlow.
All members of staff (excluding the management team) are employed by us full-time, and work out of dedicated offices with onsite HR and security, following extensive background checks. We do not hire personnel working from home, students or part-time workers.
Billing & Support Platform
Both our billing system and support desk are provided over an encrypted SSL (HTTPS) connection to protect your information. If you order a server administration service and enter your login details, this information is securely transmitted and automatically generates a ticket on our helpdesk. Unless requested or in the case of a new server installation, we never email passwords to you.
Configuration Management (Automation)
Like most technology companies that manage large numbers of servers, we use configuration management tools to automate parts of our server administration. This not only eliminates human error, it also enables consistency across our fleet and the ability to quickly roll out updates and other configuration changes to all applicable servers.
Communication between servers and our configuration management systems uses a very strong 16384-bit RSA key (typically these are 2048-bit). There are no agents or other software installed.
Our monitoring platform for servers is based around Nagios with various plugins to monitor services and overall health of your servers. We install the Nagios NRPE agent onto your servers, and configure it to only communicate with the IP of our Nagios instance.
Wherever possible we use key-based authentication to access servers via SSH, and strongly encourage customers to disable password authentication for root, or for all user accounts. Server credentials are stored within our own systems if necessary. We do not use any password management tools or third-party services for authentication.
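An added example, not part of the original article or PCSmart's own tooling: a small Python check for the two server-side settings described above, that root cannot log in over SSH with a password and that NRPE's allowed_hosts lists only loopback and the monitoring server. The config text and the address 192.0.2.10 are constructed samples, the function names are hypothetical, and only the global PermitRootLogin and PasswordAuthentication directives are examined.

```python
import ipaddress

# PermitRootLogin values that stop root logging in with a password
ROOT_NO_PASSWORD = {"no", "prohibit-password", "without-password", "forced-commands-only"}

def sshd_globals(text):
    """Global sshd_config keywords, lower-cased; sshd keeps the first value it reads."""
    found = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # conditional blocks are out of scope here
            break
        found.setdefault(parts[0].lower(), parts[1].strip().lower())
    return found

def root_password_login_blocked(text):
    cfg = sshd_globals(text)
    # Assumption: an unset PermitRootLogin is treated as "yes", because its default
    # differs between OpenSSH releases. PasswordAuthentication defaults to "yes".
    return (cfg.get("passwordauthentication", "yes") == "no"
            or cfg.get("permitrootlogin", "yes") in ROOT_NO_PASSWORD)

def nrpe_unexpected_hosts(text, nagios_ip):
    """allowed_hosts entries other than loopback and nagios_ip; None if never set."""
    entries = None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and key.strip() == "allowed_hosts":
            entries = (entries or []) + [e.strip() for e in value.split(",") if e.strip()]
    if entries is None:
        return None
    unexpected = []
    for entry in entries:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:  # hostname or CIDR range: needs a manual look
            unexpected.append(entry)
            continue
        if addr != ipaddress.ip_address(nagios_ip) and not addr.is_loopback:
            unexpected.append(entry)
    return unexpected

# Constructed sample configs (documentation addresses, not real hosts)
SSHD_SAMPLE = "Port 22\nPermitRootLogin prohibit-password\nPasswordAuthentication yes\n"
SSHD_WEAK = "PermitRootLogin yes\n#PasswordAuthentication no\n"
NRPE_SAMPLE = "server_port=5666\nallowed_hosts=127.0.0.1,192.0.2.10,203.0.113.0/24\n"

if __name__ == "__main__":
    print(root_password_login_blocked(SSHD_SAMPLE))
    print(root_password_login_blocked(SSHD_WEAK))
    print(nrpe_unexpected_hosts(NRPE_SAMPLE, "192.0.2.10"))
```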
If you have any questions or concerns regarding security, please get in touch and we'll be happy to help.