You may have noticed other hosting providers blindly follow orders for network security changes, or worse, they don’t include any firewall at all without charging you extra. At Prominic.NET, we take our security procedures very seriously both for physical access to our data center and the less tangible—but equally important—network access to the systems we host.
There can be complex interactions or security concerns associated with the wide range of protocols and methods for making your business data available via the global Internet—publicly, or as a secure Extranet. Because of this, we encourage customers to regularly discuss their network security needs with us. We view our role as one of a watchful guardian, ensuring that the protections our customers need are properly designed and remain in place without hindering authorized access.
Each customer is ultimately responsible for the TCP/IP traffic rules protecting their outsourced servers. The choices available for configuring these traffic rules depend on whether a customer subscribes to a Shared Firewall or a Dedicated Firewall. In either case, Prominic.NET will guide you in all aspects of the decision-making process, sharing with you our many years of network management experience.
Dedicated Firewalls & VPNs
Dedicated Firewalls are available to any Prominic customer with one or more Dedicated Servers. Dedicated firewall customers’ security decisions go beyond the application security model (such as Domino’s ACL or Apache’s .htaccess files) and are important considerations for any network administrator dealing with public Internet access. Some of the options available to a dedicated firewall customer include the ability to restrict inbound traffic flow to a set of source IP addresses, establish a firewall-based point-to-point IPSec Virtual Private Network, allow for mobile VPN clients, use a high availability redundant clustered configuration, and/or precisely control the various timeouts for different types of Internet protocol connections. A simple rule of thumb: If you intend to host more than one server, you should have a dedicated firewall.
Shared Firewall Security
Shared Firewalls are standard with all Prominic.NET accounts, unless upgraded to a Dedicated Firewall. The primary drawbacks to being on the Shared Firewall plan include: 1) paying extra for each “inbound tunnel” beyond the free set of (4) included with all Partitioned and Dedicated server accounts, and 2) the lack of a private internal physical network at our data centers. A private network eliminates the possibility of unauthorized access by any other customer who would be sharing the same firewall with your server in a Shared Firewall environment. Because the shared firewall’s physical host servers are on the same LAN segment, it is important to restrict other customers from gaining special access. While there are plenty of ways to guard against this activity in the software on each host system, the fact remains that Shared Firewall customers are not as well protected as Dedicated Firewall customers, even after taking all such OS-level precautions.
Free (Shared) Firewalls for Everyone!
Unlike many hosting providers, Prominic.NET does not allow the option of having no firewall. Even for heavy media streaming situations, we have a solution that is right for you. No matter what your requirements may be, we will find a way to meet your needs while still maintaining the fundamental tenet of Internet security: having a firewall in place to protect your OS from exploits in its TCP/IP stack or other known vulnerabilities. The job of the firewall in this case is to ‘normalize’ all packets flowing into your server so that malicious attempts from hackers to overflow buffers, and other common backdoor OS-level attacks, are made as difficult as possible.
Regardless of whether the Shared or Dedicated model is right for you, another important differentiator of Prominic.NET’s hosting service is our tightly integrated security model. Essentially, a security policy is in place for each IP address we assign to a customer. This integration goes deep into our control databases and is used heavily by our employees, monitoring systems, preemptive scanning tools, and of course the firewalls themselves to detect and ultimately prevent malicious activity against your server and our network.
Centralized Security Framework
As part of Prominic.NET’s automation system, our central control framework has been extended to automatically populate the firewalls we provide with the information integrated into our control databases. Translation: Your Prominic.NET Admin Portal becomes a single point of administration not only for your Shared, Partitioned, and Dedicated application service systems, but also for firewall rules. Similar to the segmentation model we use with our other application offerings, the appropriate feature sets are visible to customers based on their chosen configuration. Therefore, a customer who invests in a Dedicated Firewall is given full editing privileges to configure very fine-grained details of their own firewall. Likewise, a partitioned customer has the ability to decide on port settings granular to the IP level, but because they are on a Shared Firewall, further details of the exact firewall configuration are reserved for Prominic.NET. Note: Customers who subscribe to Prominic.NET shared application hosting do not get control of any firewall settings because these customers do not receive their own IP address.
We are more than happy to answer any questions regarding our security infrastructure. Suggestions for improvement are always welcome as we strive to provide the most easily controllable, secure, and scalable hosting systems available for IBM Lotus and related products. If you have any questions, please contact us for more details.