Cookie Policy: | We are not in a position to offer any legal advice, but this paper shares information that we have found to be useful. | This Electronic Privacy Directive specifies mandated "right to privacy" practices in addition to the Data Protection Act. | An obligation on all electronic service providers is to provide security of services and confidentiality of information. | Each person has the right to opt-in and opt-out of any communications method at any time. Unsolicited emails are expressly prohibited and email may only be sent where the recipient has formally opted-in to receive emails and has the right to opt-out at any time. |
Sign In: | "Only authorized users may sign in" is a critical phrase to make it illegal for unauthorised people to attempt to sign in. | Simple "login" facilities can be taken as an open invitation to the public to login by guessing a possible password. We choose to make it very clear that the public are not authorized to guess the password or use password cracking tools to try five hundred thousand potential passwords. |
Cookies: | Each person has the right to opt-out of having cookies written to their local computer and cookies can only be created after the person has formally opted-in to have a cookie. | As a direct result, all our application services have been modified to remove all personal information that was stored in a cookie. Information that was stored in local cookies is now stored in our secure data centers. |
How to be safe and secure: | We operate many thousands of web services that are continually attacked by script kiddies and state-sponsored data collection hackers. The fact that all such attacks have been resisted every day for the last ten years implies that something is being done right: security is treated as a major part of the application architecture. | A major benefit over other corporations that can only cost justify in-house servers is that it is cost justified to house server racks in ultra secure tier-4 data centers that are part of the UK broadband backbone. It is cost justified to deploy a swarm of ultra secure data centers with data replicated so that, in the event of a disaster at one data center, other data centers can continue providing application services. | The most important security benefit is that racks of servers do not have any locally attached client computers. Most Advanced Persistent Threat (APT) attacks are made using socially engineered attacks on client computers that are then used by hackers as the gateway to the corporation's valuable data. | Because server racks do not have any software installed (such as Office or Adobe or browsers or music players) that could be a vulnerability, it is virtually impossible for a hacker to find anything to attack. Web servers deploy a single index program as part of a three tier architecture, which means hackers are faced with only one ultra-secure program that can be seen from the Internet. It is likely that most corporations with in-house servers cannot afford such a secure architecture. |
How you can be safe and secure: | A single rule is needed for your local computers, tablets and smart phones to be safe and secure: do not download any software. Every virus, trojan, worm or malware must be installed on your computer for it to work - do not permit any software to be installed and all your security issues are resolved. | You should have a shared virtual desktop in the cloud that holds all your documents, music, movies, pictures, emails and data - none of these files must ever be allowed to be downloaded to your local computers, tablets or smart phones. All backups and synchronisation issues are also resolved because all your computers have concurrent access to all your data in the cloud. | From time to time, the base operating system on your computers, tablets and smart phones should be reinstalled and brought up to date in a virus free environment. All your computers, tablets and smart phones will always be clean and safe to use, so long as nothing is ever permitted to be downloaded or installed from a USB drive or DVD. Make sure that web printing is deployed so local printer drivers are not needed - printer drivers can be a source of infection that can be avoided. |