Backups, Privacy and Security

Wednesday, Dec 11, 2019

We run a load-balanced cluster of Linux-based Apache web servers, which lets us add or remove a web server with minimal interruption to users. The database is maintained on a separate Amazon service, and caching limits the load on the web servers as demand increases. This configuration lets us add computers during periods of high demand. Additional benefits include improved isolation between components and a lower impact from denial-of-service attacks.

Backups summary

  • All data is stored on servers in Sydney Australia.
  • We keep two copies of the database: a primary and a standby replica in a second availability zone.
  • Hourly and nightly backups are stored on the CourseSales.com primary server in Sydney, Australia.
  • Daily backups are kept for 50 days.
  • Copies of the latest five nightly backups are also stored on a server separate from the main CourseSales.com server.

Security summary

We use an SSL/TLS certificate issued through Amazon. Connections are encrypted with a session key of up to 256 bits; the exact cipher is negotiated per connection (see "Secure https certificate" below).

A Virtual Private Cloud (VPC) is used for all servers, including the database servers, to provide an extra layer of network isolation.

Backup and security details

Location of the database

We use Amazon Aurora (rather than standard MySQL) as our database engine; Amazon quotes up to five times the throughput of standard MySQL.

The CourseSales.com database is located on a Reserved Relational Database Service (RDS) instance at Amazon's Sydney, Australia datacentre. This is a multiple availability zone (Multi-AZ) deployment, which provides enhanced database availability and durability. It consists of a primary database instance and a standby instance in a different availability zone, so the standby runs on physically distinct, independent infrastructure.

If the primary database instance fails, Amazon performs an automatic failover to the standby instance.

The standby RDS instance is also where a separate test copy of the database, used by the test server, resides.

Database backup strategy for the coursesales databases

The database is backed up nightly, and each nightly backup is kept for 50 days on the CourseSales.com server. Copies of the latest five nightly backups are also stored on a server separate from the main CourseSales.com server. An hourly backup is also taken and kept for 24 hours. In the (extremely improbable but not impossible) event that Amazon's RDS service were lost entirely, recovery would be by restoring the most recent backup into a local database on the web server itself.

Test data is backed up only as required; no regular backups are made of it. Production data is copied over the test data for all instances every 2-3 months; when this is done, all existing test data is replaced and any changes made in test are lost.
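The retention rules above (nightly backups kept for 50 days, hourly backups kept for 24 hours, the five newest nightly backups copied to a separate server) are easy to get wrong in a cron job, so here is the decision logic as an added example. It is illustrative code, not the CourseSales.com backup script; the filename convention coursesales-{nightly,hourly}-YYYYMMDD-HHMM.sql.gz and the sample file list are assumptions. One caveat a practitioner would want is built in: the newest backup of each kind is never deleted, even if it is past its retention period, so a backup job that has silently stopped cannot leave the server with nothing to restore.

```python
from datetime import datetime, timedelta

# Retention rules from the policy text above.
NIGHTLY_RETENTION = timedelta(days=50)
HOURLY_RETENTION = timedelta(hours=24)
OFFSITE_COPIES = 5

SUFFIX = ".sql.gz"


def parse_backup(name):
    """Return (kind, timestamp) for a backup filename, or None if it is not one.

    Assumed naming convention (not the site's own):
        coursesales-nightly-YYYYMMDD-HHMM.sql.gz
        coursesales-hourly-YYYYMMDD-HHMM.sql.gz
    """
    if not name.endswith(SUFFIX):
        return None
    parts = name[: -len(SUFFIX)].split("-")
    if len(parts) != 4 or parts[0] != "coursesales" or parts[1] not in ("nightly", "hourly"):
        return None
    try:
        ts = datetime.strptime(parts[2] + parts[3], "%Y%m%d%H%M")
    except ValueError:
        return None
    return parts[1], ts


def plan_retention(filenames, now):
    """Decide which backups to delete and which nightly backups to copy off-box.

    Returns (to_delete, to_copy_offsite), both lists of filenames. Files that do
    not match the convention are ignored and never deleted. The newest backup of
    each kind is always kept, regardless of age.
    """
    by_kind = {"nightly": [], "hourly": []}
    for name in filenames:
        parsed = parse_backup(name)
        if parsed is None:
            continue
        kind, ts = parsed
        by_kind[kind].append((ts, name))

    limits = {"nightly": NIGHTLY_RETENTION, "hourly": HOURLY_RETENTION}
    to_delete = []
    for kind, entries in by_kind.items():
        entries.sort(reverse=True)  # newest first
        for index, (ts, name) in enumerate(entries):
            if index == 0:
                continue  # never delete the most recent backup of a kind
            if now - ts > limits[kind]:
                to_delete.append(name)

    nightly_newest_first = sorted(by_kind["nightly"], reverse=True)
    to_copy_offsite = [name for _, name in nightly_newest_first[:OFFSITE_COPIES]]
    return sorted(to_delete), to_copy_offsite


# Constructed sample directory listing as of the assumed "now" below.
SAMPLE_FILES = [
    "coursesales-nightly-20191210-0200.sql.gz",
    "coursesales-nightly-20191209-0200.sql.gz",
    "coursesales-nightly-20191208-0200.sql.gz",
    "coursesales-nightly-20191207-0200.sql.gz",
    "coursesales-nightly-20191206-0200.sql.gz",
    "coursesales-nightly-20191205-0200.sql.gz",
    "coursesales-nightly-20191015-0200.sql.gz",  # 57 days old: past retention
    "coursesales-hourly-20191211-0200.sql.gz",   # 1 hour old
    "coursesales-hourly-20191210-0200.sql.gz",   # 25 hours old: past retention
    "notes.txt",                                  # unrelated file, left alone
]
NOW = datetime(2019, 12, 11, 3, 0)

if __name__ == "__main__":
    delete, offsite = plan_retention(SAMPLE_FILES, NOW)
    print("delete:", delete)
    print("copy off-site:", offsite)
```

The function is pure (it only returns names), so it can be unit-tested and then wired to the actual os.remove and copy steps; keeping the decision separate from the destructive action is what makes a "never delete the last copy" rule testable.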

Secure https certificate when visiting web pages

We use an SSL/TLS certificate issued through Amazon. The certificate identifies the server; the strength of the encryption itself is set by the cipher suite negotiated for each connection, so some connections to our site use a 128-bit key and others a 256-bit key, depending on what the web browser, the client operating system and the web server all support. The number of bits (40, 56, 128 or 256) is the length of the symmetric session key: the longer the key, the harder the connection is to compromise (40- and 56-bit "export" ciphers are obsolete and considered broken). Please check the properties of our certificate here. We receive an A- rating (rather than A) because DNS CAA, a DNS record that restricts which certificate authorities may issue certificates for a domain, is not currently supported by the Amazon services we use; we will enable it when it becomes available. We also do not currently enable forward-secrecy cipher suites (those using an ephemeral ECDHE or DHE key exchange), because the ephemeral key exchange adds roughly 15% computational overhead on our servers. Forward secrecy is unrelated to the BEAST attack, which targets CBC-mode ciphers under TLS 1.0 and is mitigated in current browsers; enabling it does not raise the risk of that attack.
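The paragraph above makes three points that are worth checking mechanically: the key size is a property of the negotiated cipher suite, not of the certificate; forward secrecy comes from an ephemeral (ECDHE/DHE) key exchange; and BEAST concerns CBC-mode suites. The following added example (not code from CourseSales.com or Amazon) classifies OpenSSL-style cipher-suite names on those three axes and applies a simple acceptance policy. The suite names in the sample list are constructed, and the policy thresholds are assumptions; the classification follows OpenSSL and IANA naming conventions.

```python
import re

# Symmetric key length implied by the bulk-cipher token of an OpenSSL-style suite name.
_BULK_BITS = {
    "AES128": 128, "AES256": 256, "CHACHA20": 256,
    "DES-CBC3": 112,  # 3DES: 168-bit key, ~112 bits of effective strength
    "RC4": 128, "NULL": 0,
}
_TLS13_BITS = {"AES_128": 128, "AES_256": 256, "CHACHA20": 256}


def classify_cipher(name):
    """Summarise a cipher-suite name, or return None if it is not recognised.

    The result records the session-key size, whether the key exchange is
    ephemeral (forward secrecy), and whether record protection is AEAD
    (GCM/CCM/ChaCha20-Poly1305) rather than CBC, the mode BEAST targeted.
    """
    n = name.upper()
    if n.startswith("TLS_"):
        # TLS 1.3 suites always use an ephemeral (EC)DHE exchange and an AEAD cipher.
        m = re.search(r"(AES_128|AES_256|CHACHA20)", n)
        if not m:
            return None
        return {"key_bits": _TLS13_BITS[m.group(1)], "forward_secrecy": True,
                "aead": True, "tls13": True}
    m = re.search(r"(AES128|AES256|CHACHA20|DES-CBC3|RC4|NULL)", n)
    if not m:
        return None
    bulk = m.group(1)
    return {
        "key_bits": _BULK_BITS[bulk],
        "forward_secrecy": n.startswith(("ECDHE-", "DHE-")),
        "aead": any(tok in n for tok in ("GCM", "CCM", "CHACHA20")),
        "tls13": False,
    }


def acceptable(name, min_bits=128):
    """Policy (assumed): require forward secrecy and an AEAD cipher of at least min_bits.

    Unrecognised suites are rejected rather than guessed at.
    """
    c = classify_cipher(name)
    if c is None:
        return False
    return c["forward_secrecy"] and c["aead"] and c["key_bits"] >= min_bits


# Constructed list covering the cases discussed in the text.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",   # 256-bit, forward secrecy, AEAD
    "TLS_AES_128_GCM_SHA256",        # TLS 1.3, 128-bit, forward secrecy, AEAD
    "DHE-RSA-AES256-SHA",            # 256-bit but CBC: BEAST-relevant under TLS 1.0
    "AES128-SHA",                    # static RSA key exchange: no forward secrecy
    "ECDHE-RSA-DES-CBC3-SHA",        # ephemeral exchange but a weak bulk cipher
]

if __name__ == "__main__":
    import ssl
    for suite in SAMPLE_SUITES:
        print(f"{suite:32} {classify_cipher(suite)}  accept={acceptable(suite)}")
    # Suites this Python/OpenSSL build would offer by default.
    for entry in ssl.create_default_context().get_ciphers():
        print(f"{entry['name']:32} accept={acceptable(entry['name'])}")
```

Note that the 128-bit TLS 1.3 suite passes the policy while the 256-bit CBC suite without forward secrecy fails it: key length alone is a poor proxy for connection strength, which is the main caveat to the "128 bit versus 256 bit" description above.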

Database Encryption

The current Amazon RDS database is not encrypted at rest. If this is important to you it can be enabled within RDS, but at a minimum there would be some setup costs; all backups would then also need to be encrypted, involving further setup costs and monthly fees. The database sits on an Amazon server within the same Virtual Private Cloud as the web servers, so data flowing between the database server and the CourseSales.com server stays on Amazon's private network and does not traverse the public Internet. Being inside a VPC does not by itself encrypt that traffic; encryption on the wire requires the database connection to be made over TLS, which RDS supports.

Passwords

Passwords in the CourseSales.com database are stored as one-way hashes rather than in a recoverable form, so they cannot be retrieved, only reset.

A password reset is made on request: a new password is generated and sent in two halves, one in an SMS message and the other in an email to the nominated user. Generated passwords are alphanumeric and case-sensitive. If no mobile number is associated with your user record, you need to contact us directly.
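The two paragraphs above describe a standard pattern: store only a salted one-way hash, and on reset generate a fresh random password and deliver it over two channels. As an added example (not CourseSales.com's own code), here is that pattern in Python. The storage format "pbkdf2$<salt>$<hash>", the iteration count, the 16-character password length and the user record shape are assumptions; the send_sms and send_email callables are stand-ins for whatever gateway is used.

```python
import hashlib
import hmac
import os
import secrets
import string

# PBKDF2-HMAC-SHA256 is used here because it is in every Python build;
# scrypt or Argon2 are preferable where available. Iteration count is assumed.
_ITERATIONS = 100_000
_ALPHABET = string.ascii_letters + string.digits  # alphanumeric, case-sensitive


def hash_password(password, salt=None):
    """Return "pbkdf2$<salt hex>$<digest hex>"; only this string is ever stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
    except (AttributeError, ValueError):
        return False
    if algo != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), _ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def generate_temporary_password(length=16):
    """Random alphanumeric password from a CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


def split_for_delivery(password):
    """Split a password into the SMS half and the email half."""
    half = len(password) // 2
    return password[:half], password[half:]


def can_reset(user):
    """The policy above: no mobile number on record means no automated reset."""
    return bool(user.get("mobile")) and bool(user.get("email"))


def reset_password(user, send_sms, send_email):
    """Issue a new temporary password for a user record (a dict with 'mobile',
    'email' and 'password_hash'). Stores only the hash, flags the account so the
    user must choose their own password at next login, and delivers the two
    halves over separate channels. Returns the new stored hash."""
    if not can_reset(user):
        raise ValueError("no mobile number on record; contact support for manual verification")
    temporary = generate_temporary_password()
    sms_part, email_part = split_for_delivery(temporary)
    user["password_hash"] = hash_password(temporary)
    user["must_change_password"] = True
    send_sms(user["mobile"], sms_part)
    send_email(user["email"], email_part)
    return user["password_hash"]


if __name__ == "__main__":
    # Constructed user record and stand-in delivery functions.
    record = {"mobile": "+61400000000", "email": "user@example.com", "password_hash": None}
    reset_password(record,
                   lambda number, text: print(f"SMS to {number}: {text}"),
                   lambda address, text: print(f"Email to {address}: {text}"))
    print(record["password_hash"])
```

The temporary password exists in memory only long enough to be hashed and sent; a practitioner would also expire it after a short window and log the reset event, neither of which the page describes.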

Backup Server and Code Redundancy

The CourseSales.com production servers are Amazon EC2 instances located in two of Amazon's Sydney, Australia datacentres, which are in two separate geographical locations. Further instances are on cold (inactive) standby, ready to replace or supplement the production servers if required. This is feasible because:

  1. the database itself is not on the production server;
  2. the master copy of the code resides at a separate online code-storage service, so a complete new instance could (if necessary) be set up in a short time, provided access to the Amazon RDS database is still possible;
  3. we use Amazon's load balancer, whose domain name does not change, so replacing a server does not depend on DNS changes propagating (which can take up to 24 hours, depending on record TTLs).

Privacy & compliance

We host our data, and therefore your data, with Amazon Web Services in Sydney. You are in good company: organisations such as Suncorp use AWS, along with many international companies.

AWS Compliance lets customers understand the controls in place at AWS to maintain security and data protection. For systems built on AWS cloud infrastructure, compliance responsibilities are shared: AWS Compliance provides assurance about the underlying infrastructure, and the customer's organisation owns the compliance initiatives for anything placed on that infrastructure. The information published by AWS Compliance helps you understand AWS's compliance posture and assess your own organisation's compliance with industry and/or government requirements.

For more information please visit the AWS website.

Speed of connection

We use servers in the ap-southeast-2 (Sydney) AWS region. Use this service to get an idea of whether the connection speed suits your needs.

What you can do to ensure security of your site

  • Change your passwords regularly, use complex passwords, and use a password management tool such as LastPass or KeePassX.
  • Ensure that your WordPress pages are secure, e.g. that files like /wp-content/debug.log are not publicly accessible (they can contain critical and valuable information).
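A quick way to act on the second point is to probe the site for the file and confirm what comes back. The check below is an added example, not a tool from CourseSales.com or WordPress. It takes the fetcher as a parameter so the logic can be exercised offline against constructed responses, and it guards against a gotcha specific to WordPress: unknown URLs are often answered with HTTP 200 and an HTML "not found" page, so a status code alone would report a false positive. The path list and the sample responses are assumptions.

```python
import urllib.error
import urllib.request

# Paths worth checking; the text above names debug.log. Assumed list, extend as needed.
SENSITIVE_PATHS = ["/wp-content/debug.log"]


def looks_like_debug_log(body):
    """True if the body is plain-text PHP log output rather than an HTML page.

    WordPress debug.log lines look like
    "[11-Dec-2019 02:00:00 UTC] PHP Notice:  Undefined index ..." ; a themed
    404 page served with status 200 starts with an HTML tag instead.
    """
    text = body.lstrip()
    if text[:1] == "<":
        return False
    return text.startswith("[") or "PHP " in text


def check_exposed(base_url, fetch, paths=SENSITIVE_PATHS):
    """Return the paths under base_url that appear to be publicly readable.

    fetch(url) must return (status_code, body_text). It is injected so the
    decision logic can be tested without network access.
    """
    exposed = []
    base = base_url.rstrip("/")
    for path in paths:
        status, body = fetch(base + path)
        if status == 200 and looks_like_debug_log(body):
            exposed.append(path)
    return exposed


def http_fetch(url, timeout=10):
    """Real fetcher using urllib; HTTP error responses are returned as their status."""
    request = urllib.request.Request(url, headers={"User-Agent": "exposure-check/1.0"})
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, response.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


# Constructed responses for three hypothetical sites.
FAKE_SITES = {
    "https://exposed.example":  {"/wp-content/debug.log": (200, "[11-Dec-2019 02:00:00 UTC] PHP Notice:  Undefined index: foo in /var/www/html/wp-content/themes/x/functions.php on line 12\n")},
    "https://soft404.example":  {"/wp-content/debug.log": (200, "<!DOCTYPE html><html><body>Page not found</body></html>")},
    "https://hardened.example": {"/wp-content/debug.log": (403, "")},
}


def fake_fetch(url):
    """Offline stand-in for http_fetch that answers from FAKE_SITES."""
    for base, responses in FAKE_SITES.items():
        if url.startswith(base):
            return responses.get(url[len(base):], (404, ""))
    return 404, ""


if __name__ == "__main__":
    for site in FAKE_SITES:
        print(site, "exposed:", check_exposed(site, fake_fetch))
    # Against a real site: check_exposed("https://your-site.example", http_fetch)
```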

Additional resources

Why do pages not have public audit records?