Fpweb.net Security Policy


Network security vulnerabilities pose multi-billion dollar threats to corporations. Fpweb.net Managed Hosting protects you with the industry's most potent security tools and techniques that are designed, built and maintained specifically for enterprise-class Web operations.

Fpweb.net offers a comprehensive suite of security technologies including:

Infrastructure

Secure hosting starts at the data center and includes traditional locks, access controls and biometric surveillance systems. Robust fire suppression, HVAC, power feeds, hot-swappable servers and routers are available in the event of an outage. Background checks and certifications ensure the integrity of all personnel.

Network

Our 100% Cisco Powered Network, built on hardened routers and audited by Cisco, ensure maximum security protection. Our secure server network incorporates a patented Intrusion Detection System to protect against external threats.

Firewalls are managed by security specialists and deployed in a 'private IP' space, while customer servers and routers are segregated in Virtual Local Area Networks (VLAN). Server hosting network security features also include multi-level privileges, OS lockdowns, centralized authentication and device change logs.

Hardware

All Operating Systems are loaded, hardened and managed to ensure proper security. By maintaining on-site inventories, Web laboratories and automated deployment systems -- in addition to close relationships with key hardware vendors -- we guarantee hardware availability.

Applications

Our security regimen also addresses the inherent vulnerabilities of applications, including enterprise databases, Microsoft® IIS, Apache, Linux, mail services, FTPservers, DNSand streaming media. We implement firewalls and deactivate non-essential features to further protect applications.

Security Patching

By constantly updating our security systems, we ensure optimum protection for our customers. We monitor and address emerging threats, and quickly process and apply new security patches.

Threat Analysis

Fpweb.net employs advanced technologies to identify and address security weaknesses in Web-oriented servers, applications and activities. We constantly examine all firewalls, load-balancers, SSLaccelerators and switches, as well as external developments, for any potential security events.

Forensics

Should a security event occur, Fpweb.net can conduct a comprehensive post-incident examination designed to reduce the risk of future threats. By documenting dollar losses, if any, Fpweb.net can help justify the involvement of the FBI or other law enforcement agencies.

Security Testing Laboratory

Fpweb.net subjects all devices to full security testing before they are deployed -- including the installation and configuration of the Operating System, the disabling of vulnerable or unneeded services, and advanced vulnerability tests.

Certified Engineers and Security Teams

To ensure a fast response to a security event, qualified personnel are available 24x7x365. Our security specialists have earned Cisco Certified Security Professional, Certified Information System Security Professional and other security certifications. Facility security access to Fpweb.net data center facilities is tightly controlled.

Data Center Facility Access

Although customers may generally visit their equipment at any time, 24x7x365, they must comply with certain access procedures and must provide advance notice to Fpweb.net for certain actions. All visitors must be designated on an access list, must provide proper identification to and sign in with facility staff, and in shared environments or as otherwise necessary must be escorted in the facility. All visitors are subject to full-time surveillance by cameras and other monitoring equipment.

As part of Fpweb.net’s security program for its data center facilities, Fpweb.net requires that each customer maintain an access list with the names of persons authorized to conduct business in the customer’s area within the specific data center facility. At the time of signing up as a customer, each customer must designated specific individuals to serve as their "Customer Points of Contact."

The designated Customer Points of Contact are responsible for the following:

  • Timely notifying Fpweb.net of changes to their authorized access list to add or remove authorized employees and designated representatives. Notification may be made by one of the following methods:
  • Providing Fpweb.net with information necessary to properly identify persons on the access list.
  • Ensuring the professional conduct of their authorized employees, designated representatives, and any visitors while in the facility.
  • Conveying to their employees, designated representatives, or authorized visitors the requirements for gaining authorized access into an Fpweb.net data center facility Access Procedures.
  • Only persons on the authorized access list, or accompanied and escorted by persons on the access list, will be allowed into the data center facility. Persons who are on the authorized access list will be asked to present and leave an acceptable form of identification (government issued identification card, i.e. driver’s license), which will be returned upon exit.
  • Consultants or others authorized to service a customer’s equipment located within the facility must be added to the access list or escorted by a representative of customer whose name is already on the access list. All escorted visitors or guests must also present acceptable identification.
  • No exceptions will be made to this policy, and any person refusing to comply will be requested to leave or be escorted from the facility. Subsequent contact will be made with the designated Customer Point of Contact, who will be notified of the event.

Removal of Customer Equipment

Customers must provide Fpweb.net with written notification at least one full business day in advance of removing any customer equipment. If a customer has a need to remove equipment on shorter notice, customer must still provide a written request and allow reasonable time for Fpweb.net to review the request.

Before authorizing the removal of any equipment, Fpweb.net will confirm customer’s ownership and rights to remove the equipment, including payment of any amounts due.

Customer will be solely responsible to bring appropriate packaging and moving materials. Should a customer use an agent or other third party (for example, a common carrier such as U.P.S.) to remove and/or ship equipment, the customer will be solely responsible for the acts of such party, and any damages caused by such party to the equipment. Customers may request that Fpweb.net remove and package the customer’s equipment, and place such equipment in a designated area for pick-up, on the condition that the customer either provides all packaging needed or pays Fpweb.net to package the equipment