Technical & Network Configurations
Our server configuration is described below:
Processor: AMD RYZEN 9
NVME SSD: 4 TB
CPU: 3.40 GHz
Cores: 16
Logical processors: 32
RAM: 128GB
Bandwidth: 1TB
As a security measure, we secure our servers behind multi-level firewalls, and all
our servers are VAPT certified for any vulnerability. We also use MD5 and AES
256 encryption for the EDR and other data. All the disks on the server are on Soft
RAID 1 for any disaster recovery.
Safety Features
Multi-Level Firewalls: Multi-level firewalls provide defense in depth, offering
multiple layers of protection to your servers. They can filter and monitor incoming
and outgoing traffic, protecting your servers from unauthorized access and
malicious activities.
1. Vulnerability Assessment and Penetration Testing (VAPT): Regular
VAPT assessments help identify and address security vulnerabilities in your
servers and applications. It ensures that potential weaknesses are mitigated,
reducing the risk of exploitation.
Let's delve into Vulnerability Assessment and Penetration Testing (VAPT) in more
detail:
Vulnerability Assessment (VA):
1. Purpose: VA is the process of identifying, assessing, and prioritizing
vulnerabilities in your IT infrastructure, applications, and network. It aims to
uncover weaknesses that could potentially be exploited by malicious actors.
2. Scanning Tools: Specialized vulnerability scanning tools are used to
automatically scan and assess your systems. These tools look for known
vulnerabilities in software, configurations, and network settings.
3. Types of Vulnerabilities: VA identifies various types of vulnerabilities,
including software vulnerabilities (e.g., unpatched software), configuration
vulnerabilities (e.g., weak passwords or misconfigured firewall rules), and
design flaws.
4. Asset Discovery: VA helps in creating an inventory of all assets within your
network, including servers, workstations, routers, and applications.
5. Risk Assessment: After identifying vulnerabilities, the next step is to assess
the associated risks. This involves determining the potential impact and
likelihood of exploitation.
6. Reporting: A comprehensive report is generated, listing all identified
vulnerabilities along with their severity levels. This report helps
organizations prioritize which vulnerabilities need immediate attention.
Penetration Testing (PT):
1. Purpose: Penetration testing, also known as ethical hacking, goes a step
further than VA. It involves simulating real-world cyberattacks to assess the
security of your systems, applications, and networks.
2. Manual Testing: Unlike automated scanning in VA, penetration testing
often involves manual testing techniques performed by certified ethical
hackers. These experts try to exploit vulnerabilities to determine if they are
genuine security risks.
3. Simulation of Attack Scenarios: Penetration testers simulate a variety of
attack scenarios, including network-based attacks, web application attacks,
social engineering, and physical security testing.
4. Real-World Testing: PT mimics the tactics, techniques, and procedures
(TTPs) of potential attackers. Testers attempt to gain unauthorized access,
escalate privileges, and exfiltrate sensitive data.
5. Ethical Testing: It's important to note that PT is conducted by ethical
hackers who follow a strict code of conduct and do not engage in malicious
activities. The goal is to identify vulnerabilities and weaknesses to help
organizations strengthen their security.
6. Exploitation Reporting: During PT, any successfully exploited
vulnerabilities are documented. The report provides details on the
exploitation process and recommendations for mitigating risks.
Key Benefits
Risk Mitigation: VAPT helps organizations identify and address security
vulnerabilities before malicious actors can exploit them, reducing the risk of
data breaches and cyberattacks.
Compliance: Many industry regulations and standards, such as PCI DSS,
HIPAA, and GDPR, require regular vulnerability assessments and
penetration testing to ensure data protection and compliance.
Continuous Improvement: By regularly conducting VAPT assessments,
organizations can continuously improve their security posture by addressing
new vulnerabilities that emerge as technology evolves.
Security Awareness: VAPT helps raise awareness of security issues within
an organization, fostering a culture of cybersecurity.
Data Protection: Identifying and fixing vulnerabilities ensures the
protection of sensitive data, customer information, and intellectual property.
It's essential to conduct VAPT assessments regularly, as new vulnerabilities
can emerge due to software updates, configuration changes, and evolving
threat landscapes. These assessments are a critical component of a
comprehensive cybersecurity strategy.
2. Encryption (MD5 and AES 256): The use of encryption, particularly AES
256, is essential for securing data in transit and at rest. It ensures that even if
unauthorized access occurs, the data remains unintelligible to unauthorized
users.
MD5 (Message Digest Algorithm 5)
MD5 is a widely used cryptographic hash function that generates a fixed-size 128-
bit (16-byte) hash value. While MD5 is technically a cryptographic algorithm, it's
primarily used for data integrity and checksum verification rather than encryption.
Here are some key points about MD5:
1. Data Integrity: MD5 is often used to create a checksum or hash value for
data. This hash value is used to verify that data has not been tampered with
during transmission or storage.
2. Hashing: MD5 takes an input (message) and produces a fixed-length hash
value. Even a small change in the input data results in a significantly
different hash value, making it useful for detecting alterations.
3. Weaknesses: MD5 is considered cryptographically broken and unsuitable
for further use due to vulnerabilities that allow for collision attacks (two
different inputs producing the same hash). For security-sensitive
applications, more secure hash functions like SHA-256 or SHA-3 are
recommended.
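The difference between a checksum and tamper protection, shown as an added example that is not part of the original document or the vendor's code. The record, the key and all function names are constructed for illustration. It shows that MD5 yields a 16-byte one-way digest, and that an unkeyed checksum (even SHA-256) still verifies after someone with write access edits the data and refreshes the stored checksum, while a keyed HMAC-SHA-256 tag does not.

```python
import hashlib
import hmac

# Constructed sample record and key (assumptions, not values from the page).
RECORD = b"id=1001;event=login;result=ok"
MAC_KEY = bytes(range(32))  # placeholder 256-bit key; load real keys from a secrets store

def md5_digest(data: bytes) -> bytes:
    """MD5 is a one-way, unkeyed digest: 16 bytes out, nothing to decrypt."""
    return hashlib.md5(data, usedforsecurity=False).digest()

def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: catches accidental corruption only."""
    return hashlib.sha256(data).hexdigest()

def verify_checksum(data: bytes, stored: str) -> bool:
    return hmac.compare_digest(checksum(data), stored)

def mac(data: bytes, key: bytes) -> str:
    """HMAC-SHA-256 tag: cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_mac(data: bytes, stored: str, key: bytes) -> bool:
    return hmac.compare_digest(mac(data, key), stored)  # constant-time compare

def modified_copy(data: bytes):
    """Model a party with write access who edits the record and refreshes the
    checksum stored next to it (possible because the checksum needs no key)."""
    changed = data.replace(b"result=ok", b"result=fail")
    return changed, checksum(changed)

def differing_bits(a: bytes, b: bytes) -> int:
    """Count differing bits between two digests (the avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    changed, new_sum = modified_copy(RECORD)
    tag = mac(RECORD, MAC_KEY)
    print("MD5 digest bytes:", len(md5_digest(RECORD)))
    print("checksum accepts modified record:", verify_checksum(changed, new_sum))
    print("HMAC accepts modified record:", verify_mac(changed, tag, MAC_KEY))
    print("MD5 bits changed:", differing_bits(md5_digest(RECORD), md5_digest(changed)))
```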
AES (Advanced Encryption Standard) 256
AES is a symmetric encryption algorithm widely recognized for its strong security
and is suitable for encrypting sensitive data. AES 256 specifically refers to using a
256-bit encryption key. Here are key points about AES 256:
a. Symmetric Encryption: AES is a symmetric key encryption algorithm,
which means the same key is used for both encryption and decryption. AES
256 uses a 256-bit (32-byte) encryption key.
b. Security: AES is considered highly secure and has been adopted as the
encryption standard by governments and organizations worldwide. AES 256,
in particular, provides a high level of security, making it extremely resistant
to brute-force attacks.
c. Use Cases: AES encryption is commonly used to secure data at rest (e.g.,
data stored on disks), data in transit (e.g., during secure communication),
and in various security applications.
d. Key Management: Key management is crucial in AES encryption.
Protecting and managing encryption keys is essential to maintaining data
security.
e. Performance: AES is known for its efficient performance in encrypting and
decrypting data, making it suitable for a wide range of applications.
In summary, MD5 is not typically used for data encryption but rather for
data integrity verification. AES 256, on the other hand, is a robust encryption
algorithm suitable for securing sensitive data. When dealing with the
security of data, especially sensitive or confidential information, AES 256 is
a highly recommended choice due to its strong security features.
3. Soft RAID 1: Soft RAID (Redundant Array of Independent Disks) 1, or
mirroring, provides redundancy by duplicating data across multiple disks. In
case of disk failure, the system can continue to operate without data loss.
This redundancy adds to the overall safety and resilience of your server
infrastructure.
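A mirror keeps running after one disk fails, so the failure has to be detected before the second disk goes. The following added example (not part of the original document) assumes the soft RAID is Linux md, which reports array state in /proc/mdstat; the sample text is constructed and the function names are hypothetical. It parses that layout and lists arrays that have a failed member or fewer active mirrors than configured.

```python
import re

# Constructed sample in the /proc/mdstat layout (assumes Linux md software RAID).
SAMPLE_MDSTAT = """\
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
      976630464 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sdb2[1](F) sda2[0]
      3906886464 blocks super 1.2 [2/1] [U_]
      bitmap: 2/30 pages [8KB], 65536KB chunk

unused devices: <none>
"""

ARRAY_RE = re.compile(r"^(md\d+) : (\S+)(?: (raid\d+))? (.+)$")
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")   # e.g. [2/1] [U_]
MEMBER_RE = re.compile(r"(\w+)\[\d+\]((?:\(\w\))*)")      # e.g. sdb2[1](F)

def parse_mdstat(text):
    """Return one dict per md array with its member and mirror status."""
    arrays, current = [], None
    for line in text.splitlines():
        head = ARRAY_RE.match(line)
        if head:
            name, state, level, members = head.groups()
            failed = [d for d, flags in MEMBER_RE.findall(members) if "(F)" in flags]
            current = {"name": name, "state": state, "level": level,
                       "failed": failed, "expected": None, "active": None}
            arrays.append(current)
            continue
        status = STATUS_RE.search(line)
        if status and current and current["expected"] is None:
            current["expected"] = int(status.group(1))
            current["active"] = int(status.group(2))
    return arrays

def needs_attention(arrays):
    """Names of arrays that are not active, have a failed member, or run on
    fewer mirrors than configured (a missing status line counts too)."""
    return [a["name"] for a in arrays
            if a["state"] != "active" or a["failed"]
            or a["active"] is None or a["active"] < a["expected"]]

if __name__ == "__main__":
    # On a real host, pass the contents of /proc/mdstat instead of the sample.
    print(needs_attention(parse_mdstat(SAMPLE_MDSTAT)))
```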
Disaster Recovery (DR)
1. Data Backup and Restore: Implement regular backup schedules for all
critical data. Ensure that backups are stored in a secure, off-site location.
This allows for data recovery in case of accidental deletions, data
corruption, or other data-related disasters.
2. Business Continuity Plan (BCP): Develop a comprehensive BCP that
outlines how your business will continue operations in the event of a
disaster. This plan includes not only IT considerations but also business
processes, communications, and employee roles and responsibilities.
3. High Availability (HA) Architecture: Consider deploying your
applications and services in an HA architecture. This involves having
redundant systems that can automatically take over if one fails. This
approach minimizes downtime and ensures service availability.
4. Geographic Redundancy: If your budget allows, consider having
servers in geographically diverse locations. This provides geographical
redundancy and enhances your DR capabilities. In the event of a regional
disaster, services can continue from another location.
5. Failover Testing: Regularly test failover mechanisms and DR
procedures to ensure they work as expected. This helps identify and
address any weaknesses in your DR plan before a real disaster occurs.
6. Communication Plan: Develop a communication plan that outlines how
you will inform employees, customers, and stakeholders in case of a
disaster. Clear and timely communication is crucial during a crisis.
7. Documentation and Procedures: Ensure that you have detailed
documentation of your DR plan, including step-by-step procedures. This
documentation should be accessible to key personnel responsible for DR.
8. Monitoring and Alerting: Implement real-time monitoring of your
server infrastructure. Use alerting systems to notify IT staff of any
unusual activities, potential issues, or anomalies that may signal a
disaster in progress.
9. Regular Updates and Improvements: DR plans should be regularly
reviewed, updated, and improved to stay current with changes in your
infrastructure, new risks, and evolving best practices.
10. Testing and Training: Regularly conduct DR exercises and provide
training to employees to ensure they are familiar with DR procedures.
By implementing these safety features and DR measures, you'll be well-prepared
to respond effectively to potential disasters and minimize
downtime, data loss, and other adverse impacts on your business
operations.
We also have a BCP in place, under which certain measures have been taken so
that, in case of any unfortunate event, business continuity is maintained.
In case further information is required on the above, we can share a detailed report
on the same as well.