Protection against Unauthorized Access
- check_circle Encryption of Data Transmission. The transfer of data between your device / your web browser and our servers is done using the encryption standard AES-256 (Advanced Enncryption Standard with 256-bit key length). The algorithm is approved in the USA for state documents with the highest secrecy level. This ensures that sensitive content such as user names, passwords and uploaded documents cannot by accessed during transmission.
- check_circle Regular Security Updates. The operating system and the software of our servers is regularly updated. This way it is ensured that any safety issues caused by identified vulnerabilities are corrected in a timely manner and cannot endanger the integrity of our servers.
- check_circle Intrusion Detection System. On our servers, we make use of a so-called Intrusion Detection System (IDS), which tracks irregularities in the daily operation and reports any issues to the administration team. These include unplanned changes in configuration files or other unauthorized file modifications.
- check_circle Network Firewall. The network firewall is blocking traffic from suspicious address ranges and ensures that only permitted connections (e.g. encrypted connections to the PlagAware WebServer) are established.
- check_circle Application Firewall The application firewall automatically monitors and verifies all transferred parameters for validity. This way, all requests leading to web server overloads or malicious activities are tracked and blocked.
- check_circle Automatic Blocking of Addresses. In case multiple unauthorized requests are detected within a period of time, the respective addresses are added permanently to a ban list. This way, we ensure that future access by these sources will be blocked without impacting system stability or performance.
- check_circle Parameter Vulnerability Assessments. Within the manual parameter vulnerability assessment, all transfer parameters and variables are classified in regards to valid contents and value ranges. The classification as well as the correct handling of not permitted values is reviewed and captured in an assessment report.
Physical Access, Hosting and Server Security
PlagAware's databases and web servers are hosted by Hetzner Online GmbH in Gunzenhausen, Germany. The physical security, network security and system security is ensured by technical and organizational measures in accordance with the current state of technology. These include, for example, the video monitoring of server rooms, logging of hardware accesses, redundant connections to the network and centralized backup servers.