Topic Last Updated February 24, 2005
Our goal at LION MTS, is to provide our customers and their information with one of the highest levels of security in our industry.
LION MTS uses a three-tiered approach to protecting your data in our applications:
Physical security
Network infrastructure security
Application security
Physical security
The LION MTS servers and data which host all customer web sites are located in a state-of-the-art independent hosting facility. The LION MTS data center is designed for maximum security and safety, including a badge access entry system, redundant power supplies, redundant air conditioning units, and fire suppression systems—all monitored 24 hours a day, 365 days a year. Security personnel and security cameras guard the building, and only allow authorized personnel inside the data center containing the LION servers and data. All servers and network infrastructure used to support LION MTS web sites is redundant and has at least one backup device for every type of device needed to operate the web sites.
Network infrastructure security
The LION MTS network consists of top-of-the-line Cisco routers and firewall products. The LION MTS network systems are scanned to detect potential intrusion and security vulnerabilities utilizing Cisco’s IDS® technology. The Internet addresses (IP) of all systems behind the firewall are completely invisible outside the firewall to prevent unauthorized entry.
Application security
The LION MTS web site products employ Secure Sockets Layer (SSL) technology that encrypts sensitive information as it is transmitted across the Internet. The LION MTS web sites also utilize server certificate services which allow your web browser to confirm that the server you are transacting with is a LION MTS server. LION MTS uses 128-bit Server certificates to offer the highest SSL encryption level available to our customers. F5’s BIG-IP Local Traffic Manager is used to remove single points of failure and assure high web site availability across all web site products. All of the LION MTS Product Suite applications use a sophisticated authentication system incorporating X.500 LDAP security protocols. This ensures authorized access to our web applications through the use of Security Support Provider Interfaces (SSPI) integrated with Microsoft Internet Information Services (IIS) that leverage Windows® built-in security to provide authentication services for individual Web applications. These systems allow us to not only authenticate authorized users, but also to proactively detect unauthorized attempts to access our systems and deny access to potential threats.
Updates
Although no security system is completely impenetrable, we constantly review, refine, and upgrade our security system and infrastructure as new techniques and tools become available. The protocols and systems set forth above generally indicate our current methodology and will change from time to time.
Customer responsibilities
Authorized access to the LockPoint Product Suite applications is only available through a logon name and password. As with any valuable property, the customer should take its own protective security measures to guard these logon names and passwords. These passwords should be changed regularly and contain different alpha-numeric characters and cases consistent with today’s general security standards and practices for establishing and maintaining passwords. Any time you disclose this identifying information to third parties, you are creating greater risk of unauthorized use or access for which LION MTS cannot take responsibility.
In addition, the use of appropriate virus-screening software (with updated virus definitions) is important to minimize the risk of malicious code such as viruses, worms, Trojan horses, etc. that can compromise the customer’s own systems and security independent of any interaction with LION MTS and for which LION MTS cannot be responsible.
Disclaimer: The policies and methodologies set forth above are informational and no warranties are made thereby. The warranties, obligations and responsibilities of LION MTS and the customer are governed by End User License or other applicable agreements.