Only indispensable applications are installed on servers on which our registries are running. The objective of this measure is to minimize the risk of attack on potentially vulnerable applications, as well as to minimize the server load.
Only indispensable services (or daemons) are installed on servers on which our registries are running. The objective of this measure is to minimize the risk of attack on potentially vulnerable services, as well as to minimize the server load.
Only authorized persons have user accounts and access rights to servers on which our registries are running. The server administrator keeps a list of persons who have the right to access the servers and/or user accounts on given servers. This list is reviewed every year and the necessity of having a user account or access rights is reconsidered for every user.
Log files are critical to the successful investigation and prosecution of security incidents. Every attempted login into the system is recorded. The system also monitors other important events that could affect data security. System logs are subject to regular audits.
Safety policies require that appropriate passwords are used: passwords have to be long and complex enough, and must be changed regularly. The system also records the history of logins, login attempts, as well as dates and times of these events.
System files and data files are located on separate disk partitions to minimize the risk of data loss in case of server breakdown. NTFS (New Technology File System) is used on the disks; it features advanced data structures that improve performance, reliability, and disk space utilization, as well as security access control lists and file system journaling.
Whenever new security issues emerge and relevant patches are released to fix them, these patches (or service packs) are thoroughly tested before being installed, in order to ensure that the installation does not disrupt the server performance.
Whenever configuration changes are required (i.e. for security reasons or in order to enhance the system performance), these changes are tested and thoroughly documented in a non-production environment before being implemented in the production system.
Scripts not used by our web server are immediately removed from this server in order to reduce the risk of attack using these potentially vulnerable scripts. The web server does not allow unauthorized users to view the configuration settings, information on potential errors, etc.