by Jason Sanderford, IT/Network Administrative Manager
In today’s digital landscape, securing web applications is paramount to safeguarding data and ensuring customer trust. At the heart of our infrastructure is a comprehensive, multi-layered security approach designed to protect against a variety of threats. This blog post will explore the core security features of Centurisk’s risk management software for risk pools and states, Riskstar, as hosted on Microsoft Azure.
1. Application Gateway with a Firewall
At the forefront of our security setup is the Application Gateway, coupled with a Web Application Firewall (WAF). The Application Gateway manages and routes traffic efficiently while acting as the first line of defense. The WAF continuously inspects incoming requests for malicious patterns, blocking threats such as:
- SQL injection attacks
- Cross-site scripting (XSS)
- Remote file inclusion (RFI)
- Other vulnerability classes catalogued by OWASP
WAF also integrates with threat intelligence services to detect and mitigate new and evolving attack vectors, ensuring your data remains protected even as new threats emerge.
2. Disk Encryption for Data Protection
Data security is paramount, and our application ensures this by leveraging Disk Encryption. By encrypting the VM disks, we encrypt all data at rest. This means that even if the physical disks were compromised, the data on them would remain unreadable to anyone without the keys. We handle encryption keys securely, ensuring tight control over who can access and use them.
3. Customer Database Segregation
Each customer’s data is treated with the utmost care. We’ve implemented customer database segregation, ensuring that every client’s data is isolated in its own separate database. This increases security by limiting the scope of a potential breach. Customer data can never overlap or be exposed across tenants, reducing the attack surface.
4. Password Hashing and Salting
Password security is a critical concern. To protect user credentials, we implement a hashing and salting mechanism. When a password is created or updated, it is first combined with a unique salt and then hashed using a strong cryptographic algorithm. This prevents attackers from recovering the original passwords, even in the unlikely event of a database breach. The unique salt defeats precomputed lookup tables, and the hashing makes it computationally impractical for attackers to reverse or brute-force the passwords.
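As an added illustration (example code written for this post, not Riskstar's own implementation, which the post does not describe in detail), the following Python sketch shows the salt-then-hash pattern described above. It uses PBKDF2-HMAC-SHA256 from the standard library; the algorithm choice, iteration count and the stored record format are assumptions made for the example. It demonstrates why two users with the same password end up with different stored values, how verification re-derives the hash from the stored salt and compares it in constant time, and how an older record can be flagged for re-hashing when the work factor is raised.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Parameters below are assumptions for this example, not Riskstar's settings.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000   # work factor; raise over time as hardware gets faster
SALT_BYTES = 16        # 128-bit random salt, unique per stored password
HASH_BYTES = 32        # 256-bit derived key


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salt and hash a password, returning a self-describing record.

    Record layout (an assumption for this example):
        algorithm$iterations$base64(salt)$base64(hash)
    Storing the salt and iteration count alongside the hash lets
    verification work even after the defaults change.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=HASH_BYTES)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse_record(stored: str):
    """Split a stored record into (algorithm, iterations, salt, digest).

    Returns None for anything malformed so callers fail closed instead
    of raising on attacker-controlled or corrupted database content.
    """
    try:
        algorithm, iterations_str, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations_str)
        salt = base64.b64decode(salt_b64, validate=True)
        digest = base64.b64decode(digest_b64, validate=True)
    except ValueError:          # covers bad split, int() and base64 errors
        return None
    if iterations <= 0 or not salt or not digest:
        return None
    return algorithm, iterations, salt, digest


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    parsed = _parse_record(stored)
    if parsed is None:
        return False
    algorithm, iterations, salt, expected = parsed
    if algorithm != ALGORITHM:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=len(expected))
    # hmac.compare_digest avoids leaking where the mismatch occurs via timing
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True if the record uses an outdated algorithm or a weaker work factor.

    Call this after a successful login and re-hash with the current
    parameters, since the plaintext is only available at that moment.
    """
    parsed = _parse_record(stored)
    if parsed is None:
        return True
    algorithm, iterations, _, _ = parsed
    return algorithm != ALGORITHM or iterations < ITERATIONS


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print("records differ despite equal passwords:", alice != bob)
    print("alice verifies:", verify_password("correct horse battery staple", alice))
    print("wrong password rejected:", verify_password("Correct horse battery staple", alice))
    legacy = hash_password("old-password", iterations=10_000)  # constructed old record
    print("legacy record needs rehash:", needs_rehash(legacy))
```

Usage note: on a successful login, check `needs_rehash` and, if it returns True, store `hash_password(password)` so stored credentials are upgraded gradually without forcing a password reset.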
5. Azure’s Built-in DDoS Protection Services
Distributed Denial-of-Service (DDoS) attacks are a persistent threat. Azure’s built-in DDoS protection services automatically detect and mitigate large-scale attacks designed to overwhelm application resources. By continually analyzing traffic patterns, Azure DDoS Protection can distinguish between legitimate and malicious traffic, ensuring the application remains available and performant, even during attempted attacks.
6. SSL Termination and End-to-End Encryption
We ensure that all communication between clients and our servers is secure with SSL/TLS termination at the Application Gateway. Incoming connections are decrypted at the gateway so the WAF can inspect the requests for threats, then re-encrypted before being forwarded to the backend. On the backend, end-to-end encryption guarantees that data remains encrypted throughout its journey, from the user to the application and through to the database layer.
7. Cloud Security
Our cloud security solution plays a critical role in protecting our infrastructure. It provides proactive threat detection and real-time monitoring, leveraging machine learning and threat intelligence to identify and prevent potential threats across virtual machines, databases, and applications. It also offers security recommendations, helping us continually improve our security posture.
8. Anti-Exploit Technology
By using advanced behavioral analysis, our anti-exploit technology blocks exploit attempts before they can cause damage, significantly reducing the risk of malware infections or system compromise. This powerful tool is designed to prevent sophisticated attacks such as:
- Privilege escalation techniques
- Zero-day exploits
- Memory-based attacks
9. Holistic Security Monitoring and Response
To round out our security framework, we’ve implemented monitoring and logging tools, ensuring real-time visibility into application performance and security. If an anomaly or potential breach is detected, our security team is immediately alerted, enabling quick action to mitigate any risks.
Conclusion: A Secure, Resilient Application
Riskstar is designed with security as a cornerstone. By leveraging the full power of our security offerings, along with cutting-edge tools and robust internal security practices, we ensure a highly secure environment for customer data. With features like WAF, disk encryption, database segregation, and advanced monitoring, we are committed to providing a secure and trustworthy platform for all users.
Your data is safe with us.
About the Author
When Jason Sanderford is not at Centurisk, solving customer conundrums and besting cybercriminals, he enjoys spending quality time with his son.