As with any emerging and popular technology, one of the drawbacks is the attention it attracts from rogue elements. Adopting best practices to keep your infrastructure from being compromised is therefore not an option but a necessity.
Apart from implementing good security practices ourselves, we regularly advise our patrons on them; the most important are the following:
User Level Security
- Passwords for operations-level interfaces should be strong and longer than 8 characters. A strong password is a combination of digits, letters and special characters.
- Username and password should not be the same.
- Passwords should not be based on personal details such as your date of birth or your name.
- Make it a habit to change your passwords regularly.
- Passwords should not be shared or written down anywhere they can be seen by others. If you must write one down, make sure only you have access to it.
- Although the NextStag platform has built-in fraud-pattern detection, we still advise checking your call logs periodically for abusive patterns.
- There should be only one administrative user account. If more than one is needed, an Access Control List should be applied to the additional accounts.
- Do not save the password in the browser on a public PC.
- Keep a regular check on your payments and refills using the “Refills” module. Use the “Refill alert” option to be notified via Email/SMS when a refill above a threshold amount is made on any account.
Security Practices by NextStag
At the system or server level we use the following:
- We do not use the default ports of applications.
- Unneeded services and applications are stopped from starting automatically. This helps system performance too.
- We have a firewall policy of “deny all, allow selected” at the packet level.
- Additionally, our platform has provision for automatic detection of flooding and brute-force attempts on accounts; the originating IP addresses of such requests are automatically added to a “drop” list.
- The system periodically scans for weak and easy-to-guess username and password pairs for SIP access (e.g. 111, 222, etc.).
- Starting this month, the web access for the platform has been changed to default to HTTPS instead of HTTP.
- The whole platform is SQL-injection proof and XSS proof.
- We have ICMP disabled on systems to hinder port scanning.
- We do not use the database's default user and password.
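The password rules in the user-level list above (length, character mix, not equal to the username, not based on a name or date of birth) and the periodic scan for trivial SIP pairs such as 111 or 222 can be combined into one audit over an account list. The script below is an added example and is not NextStag's own code; the account records, their field names (`username`, `password`, `owner`, `dob`) and the ISO date format are constructed assumptions.

```python
"""Audit SIP / operations-level credentials against the password rules above.

Added example, not the platform's own code. Account records are constructed."""
import re
from typing import Dict, List, Optional

MIN_LENGTH = 9  # the rule asks for "more than 8 characters"

# Constructed sample records (hypothetical field names and values)
SAMPLE_ACCOUNTS = [
    {"username": "1001", "password": "1001",        "owner": "Alice Example", "dob": "1985-03-14"},
    {"username": "1002", "password": "222",         "owner": "Bob Example",   "dob": "1990-07-01"},
    {"username": "1003", "password": "Example1990", "owner": "Carol Example", "dob": "1990-11-23"},
    {"username": "1004", "password": "k7#Vq2!pLw9", "owner": "Dan Example",   "dob": "1978-02-08"},
]


def is_trivial(password: str) -> bool:
    """Repeated single character (111, aaaa) or a straight digit run (1234, 4321)."""
    if len(set(password)) == 1:
        return True
    if password.isdigit() and len(password) >= 3:
        steps = {int(b) - int(a) for a, b in zip(password, password[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def dob_fragments(dob: str) -> List[str]:
    """Digit fragments of an ISO date (YYYY-MM-DD) that commonly end up in passwords."""
    year, month, day = dob.split("-")
    return [year, day + month, month + day, year + month + day, day + month + year]


def audit_password(username: str, password: str, owner: str = "",
                   dob: Optional[str] = None) -> List[str]:
    """Return the list of rules a credential violates; an empty list means it passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if not re.search(r"\d", password):
        findings.append("no digit")
    if not re.search(r"[A-Za-z]", password):
        findings.append("no letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        findings.append("no special character")
    if password.lower() == username.lower():
        findings.append("same as username")
    if is_trivial(password):
        findings.append("trivial pattern")
    lowered = password.lower()
    # Any name token of three or more characters appearing in the password
    if any(len(tok) >= 3 and tok.lower() in lowered for tok in owner.split()):
        findings.append("contains owner name")
    if dob and any(frag in password for frag in dob_fragments(dob)):
        findings.append("contains date of birth")
    return findings


def audit_accounts(accounts) -> Dict[str, List[str]]:
    """Return only the accounts that violate at least one rule, keyed by username."""
    report = {}
    for acct in accounts:
        problems = audit_password(acct["username"], acct["password"],
                                  acct.get("owner", ""), acct.get("dob"))
        if problems:
            report[acct["username"]] = problems
    return report


if __name__ == "__main__":
    for user, problems in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(problems)}")
```

Run periodically against an export of the account table, the report lists every account to contact for a password change; the one strong credential in the sample produces no findings.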
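The automatic flood and brute-force detection described above amounts to counting authentication failures per source address inside a sliding time window and adding any address that crosses a threshold to a drop list. The script below is an added example, not the platform's own code; the log line format, the threshold and window values, and the addresses (taken from the documentation ranges) are constructed assumptions.

```python
"""Sliding-window brute-force / flood detector over SIP auth-failure log lines.

Added example, not the platform's own code. The log format is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable

THRESHOLD = 5        # failures tolerated per source within the window
WINDOW_SECONDS = 60  # sliding window length

# Constructed line format: "<iso-timestamp> auth-fail src=<ip> user=<account>"
LINE_RE = re.compile(r"^(?P<ts>\S+) auth-fail src=(?P<ip>[\d.]+) user=(?P<user>\S+)$")

# Constructed sample log: one source hammers many accounts, another fails slowly
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth-fail src=203.0.113.7 user=1001
2024-05-01T10:00:02Z auth-fail src=203.0.113.7 user=1002
2024-05-01T10:00:03Z auth-fail src=198.51.100.9 user=1001
2024-05-01T10:00:04Z auth-fail src=203.0.113.7 user=1003
2024-05-01T10:00:05Z auth-fail src=203.0.113.7 user=1004
2024-05-01T10:00:06Z auth-fail src=203.0.113.7 user=1005
2024-05-01T10:00:07Z auth-fail src=203.0.113.7 user=1006
2024-05-01T10:05:00Z auth-fail src=198.51.100.9 user=1001
2024-05-01T10:10:00Z auth-fail src=198.51.100.9 user=1001
"""


def detect_offenders(lines: Iterable[str], threshold: int = THRESHOLD,
                     window: int = WINDOW_SECONDS) -> Dict[str, str]:
    """Return {source_ip: timestamp at which it exceeded `threshold` failures in `window` seconds}."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    dropped: Dict[str, str] = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ip = m["ip"]
        if ip in dropped:
            continue  # already on the drop list
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        failures = recent[ip]
        failures.append(ts)
        # Discard failures that have aged out of the window
        while failures and (ts - failures[0]).total_seconds() > window:
            failures.popleft()
        if len(failures) > threshold:
            dropped[ip] = m["ts"]
    return dropped


def drop_rule(ip: str) -> str:
    """One possible enforcement: an iptables rule that drops packets from the source."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in detect_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{when} {ip} exceeded threshold -> {drop_rule(ip)}")
```

The slow source in the sample never accumulates more than one failure per window and is left alone, which is the property that keeps a legitimate user who mistypes a password from being blocked; lowering the threshold or widening the window trades that tolerance for earlier detection.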
Since our customers' trust rides on us, we also design the system for failure: we have systems and processes in place to mitigate risks and losses when a system must go down. These include periodic backups and hot failover of SIP links to geographically separate datacenters.