
Copyright © 2024 Bamboozle Web Services, Inc. All Rights Reserved.


Infrastructure Security

Infrastructure security is the foundation of maintaining secure cloud and server infrastructure. This includes the physical data center security, networking components, and virtualization infrastructure. Bamboozle's infrastructure is continually maintained following internationally recognized security controls. Our infrastructure is monitored 24/7/365 and undergoes third-party audits as well as targeted testing annually. For physical security, each of our data center colocation providers maintains industry-recognized certifications, and our networks are MANRS certified.

Networking

Bamboozle networks are collections of servers connected by wires provided by multiple Internet Service Providers (ISPs). We develop, document, and maintain a current baseline for all machines and network device hardware. The following list is an example of controls we maintain for network security:

  • Update the baseline configuration for network devices at least annually or when a significant change occurs.

  • Use the least privilege method when provisioning infrastructure components. Any unnecessary ports or protocols are disabled. Network scanning is performed to validate that the ports and protocols in use are the ones defined.

  • Use industry standard transport protocols such as TLS between devices and Bamboozle data centers, and within data centers themselves.

  • Employ a defense-in-depth strategy for boundary protection, including secure segmentation of network environments through several methods such as VLAN segmentation, ACL restrictions, and encrypted communications for remote connectivity.

  • Define, implement and evaluate processes, procedures, and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.

Servers

Bamboozle servers are hardware connected by a network housed in a data center. Every Bamboozle data center implements controls that ensure physical access to the facilities, backup data, and other system components such as virtual systems and servers is restricted. The following list is an example of controls Bamboozle and its data centers maintain for server security:

  • Biometric, proximity card, and/or personal identification number (PIN) reader systems (varies by data center facility) used to restrict data center access to only those individuals provisioned with access; the systems are also used to monitor, log, and notify personnel of physical security alarms.

  • Maintain monitoring mechanisms over infrastructure to check server performance, data, traffic, and load capacity.

  • Detect and route issues experienced by hosts in real time and employ orchestration tooling that has the ability to regenerate hosts.

  • Third parties provide a certificate of destruction upon destruction of physical production assets maintained in the colocated data centers.

  • Documented logical access policies and procedures to guide personnel in information security practices that include, but are not limited to: password requirements, acceptable use, access provisioning, and access termination.

Storage

Bamboozle storage is the physical disk on the server that runs your Droplet. These devices are encrypted at rest based on industry standards. Our storage devices have the same physical security protections as our servers. The following list is an example of additional controls Bamboozle maintains for storage security:

  • Bamboozle's asset inventory includes serial number tracking for servers, disks, and other assets necessary to provide infrastructure for customers.

  • Where full disk encryption is used, logical access is managed by FileVault for macOS and BitLocker for Windows operating systems. Linux encryption occurs during the operating system build; alternatively, the home directory is encrypted.

  • In-scope systems are configured to require at least one of the following authentication requirements:

    • Authorized user account and password

    • MFA

    • SSO

    • SSH

Virtualization

Cloud hosting environments are broken down into two main parts: the virtual servers that apps and websites can be hosted on, and the physical hosts that manage the virtual servers.

Virtualization makes cloud hosting possible: the relationship between host and virtual server provides flexibility and scaling that are not available through other hosting methods. Virtualization allows multiple Bamboozle customers to host their products on the same disk with inherent logical separation. The following list is an example of security measures we maintain for securing your virtualized instance:

  • Initial permission definitions, and changes to permissions, associated with logical access roles of production-impacting systems are approved by authorized personnel.

  • We maintain device configuration policies on security requirements for the configuration and management of devices connecting to corporate services. The policies also apply to infrastructure and virtual instances.

  • Customer environments are isolated using numerous mechanisms, technologies, policies, processes, and architectural elements. Customer tenants and virtual machine deployments are kept logically separated. Customer data may be encrypted in transit and at rest through configurable and standards-based providers using a variety of protocols.


Last updated 1 year ago
