Overview
Server security is of the upmost importance in our Hosted Server Environments. Customer data is the backbone of our infrastructure and needs to be kept safe, secure, and accessible.
Purpose
The purpose of this policy is to outline how our Hosted Server Environments are secured from the Operating System, to the Customer Data in our SQL databases.
Scope
This policy applies to all Yellow Dog Software Hosted Server Environments.
Non-Hosted Server Environments are the responsibility of the administrative team of the customer.
Policy
--Windows.
Our servers use Windows Server 2016 for their operating systems and SQL Server 2016 SP1 Standard for our databases.
Windows Updates are on a 1 week lag (except for critical updates) to ensure none of the updates are impacting performance or stability of the server.
Antivirus, AntiMalware, and Firewall software packages are installed on all servers.
Access to the Yellow Dog Software Hosted Environment is controlled through our Remote Access Policy, which can be found here
Passwords to our Hosted Environments use established standards and practices and are on a 90 day rotation.
Servers are monitored and managed 24/7 with industry standard remote management services.
--SQL Databases
The database passwords use established standards and practices and are on a 90 day rotation.
Access to the Yellow Dog Database is managed through SQL and only authorized employees of Yellow Dog Software can access it from outside the Yellow Dog Inventory client.
--Yellow Dog Inventory client.
Access control is through a username/password/grouping structure. Only customers with the proper username/password can access the YDI client.
--Network
Yellow Dog Software Hosted Environments do not run any other services on the servers but SQL. Any and all ports not used by SQL are blocked and monitored for intrusion attempts. SQL instances are on non-standard ports (to reduce the attack presence of the server).