Security Measures
We use 128 bit SSL encryption technology, on secure, high encryption credit card processing servers to process credit card transactions. For you, this means that your credit card information cannot be stolen, hacked or anything else. It is 100% safe.
The information collected by our web servers is for security of our servers only. By default, our web server logs all access to the server to include IP address, referring URL, and hacking attempts. This information is not personal information but rather general information as your internet service provider is the only one who can match an IP address to an actual person. Our streaming solutions include the usage of Intrusion Protection Systems, Load Balancers, multiple physical networks, Operating Systems Hardening and encryption all working in unison to provide a powerful, redundant and secure environment for our customers and data.
Physical Security
All servers are housed in a world-class data facility with secured cages and locking cabinets. The data center features key card access and alarms that are monitored 24/7.
Server Security
Layer 1 (Intrusion Prevention System)
The first layer of defense on our network features the most secured and fastest IPS (Intrusion Prevention System) system available. An Intrusion Protection System is basically a combined Firewall and IDS (Intrusion Detection System). This system not only firewalls and protects the servers but it also detects new attacks and worms and dynamically blocks them.
Layer 2 (Load-Balancing)
The second layer of defense on our network features state-of-the-art load balancers. These load balancers limit allowed communications to the actual servers that provide the websites, streams and downloads. The load balancers feature "virtual" IP addresses so that the real physical IP addresses of the server is unknown and unreachable from the internet since only the virtual IP is actually available.
Layer 3 (Servers)
All of the physical servers have their operating systems hardened. This would include Linux features such as IPTables/IPChains protection or Win2k features like IPSec and port filtering. All unnecessary services are turned off and extensive measures are taken to ensure that each server is hardened properly. This includes third party auditing of the servers and network and the usage of several security scanning tools.
Layer 4 (Content Servers on Network 2)
Content Servers reside on a physically separate network that has no routing available at all. The systems mentioned in Layer3 physically have a second interface to this network and the content servers are running a packet filters that will only allow them to talk to the servers mentioned in Layer 3.
Authentication & Software
Purchases: All purchases are made using encrypted tunnels featuring SSL (Secure Socket Layer) so that all data is passed using encrypted secure links.
Streamed Media: Our streaming systems includes native authentication of MD5 summed passwords that are stored in our databases and can not be unencrypted. MD5 is the most secure password algorithm available, so even in the unlikely event that a database is compromised or an employee views the MD5 hashed passwords, the passwords would be useless since they are encrypted and impossible to decode.
Windows Media Download (DRM — Digital Rights Media): Windows Media Downloadable Files are encrypted and stored on our servers. There is a unique license generated for each transaction (purchase) of the content. The license allows the download of the media and allows unlimited playing of the media on that unique machine for specified amount of time. The unique license key prevents the media from being re-downloaded or shared with another machine (even if the machine belongs to the purchaser). |
