Online Documentation: Reference Manual
Data Backup Procedures and Data Protection
At EazyWorks we have automated backup procedures that will take care that your web
application is backed up daily on to the EazyWorks Servers. We keep a backup of
Besides the EazyWorks backups. Our hosting company WebHost4Life keeps backups of
The EazyWorks Servers are protected with 2 software and 1 hardware firewall. EazyWorks
uses an SSL ftp connection to Upload and download files to the hosting server.
For each hosting account WebHost4Life takes care of the following backup features.
- Daily Backup of your websites to a local backup device.
- Daily Backup of databases to a local backup device.
- Daily Backup of your websites to a remote location.
If you are an EazyWorks customer we will take care that your website and your information
Data Location and Data Links
The following diagram shows were the data is located and the different possible
The information that your organization will keep, using a Web Based application,
will be stored at different locations.
Data Center / Data Warehouse
A specialized Data Center is the place were the website with database resides. The
Data Center is using a Cisco Firewall to keep your data safe. Besides the firewall
the data center takes many measures to make the physical location safe.
EazyWorks Designs your website, so the original design files of the website are
located on the EazyWorks servers. EazyWorks protects its servers with a software
and a hardware firewall. Depending on the customers request we can make a full backup
of all the information stored by the Web Based Application. This backup will be
stored on the EazyWorks servers.
Data related to a Web Based Information System is linked by the Word Wide Web. The
following links, to transport data, can be identified:
1: Customer Data Entry and Customer Data Request
By using the Website, that is made by EazyWorks, the customer is entering data onto
the servers located in a secure data warehouse. Dependent on the customer request
EazyWorks can secure this communication by means of SSL Encryption. This encryption
works both ways. The website can be designed in such a way that for every page the
data transfer in both ways is encrypted using SSL. In the web browser you can see
if this communication is safe by the 'https' at the start of the web address. (Normally,
for an unsecured link the address starts with 'http')
2: Uploading and Downloading to EazyWorks
EazyWorks uploads and downloads all data to and from the server using ftps. This
is the secure encrypted way for ftp protocol.
New design updates for the website are uploaded this way. Besides the design updates,
EazyWorks makes a daily backup of the website. This is an automated procedure. EazyWorks
keeps a history of 7 days.
3: Internal Customer Links
Although the EazyWorks application comes with many different file export possibilities,
customers should take care sending these exported files by e-mail.
E-mail can be an insecure way of communication. A better way to communicate sensitive
information, that is located on in the Web Based Application, is to send e-mails
with links to the specific information. This way the real collection of the information
will happen through an encrypted communication link.
4: Data Center back ups
To protect your Information the Datacenter makes daily backups of your website to
other Data Centers. This is happening with secure data links.
Data Warehouses / Data Centers
Through our Hosting company we take care that your website is located at World-Class
Data Centers with the following requirements:
Ensuring the delivery of the highest possible levels of reliability and performance,
each Data Center features a redundant network of multiple fiber trunks from multiple
sources, redundant power on the premises, and diesel backup generators. This allows
maximizing our connectivity rates and overall site performance.
Each Data Center is maintained by combining round-the-clock systems management with
personnel trained in the areas of networking and systems monitoring.
Each Data Center is custom designed with raised floors and is flood proof. Each
Data Center is comprised with HVAC temperature control systems with separate cooling
zones, seismically braced racks, advanced early smoke detection and fire suppression
All the servers at the Data Centers are behind Cisco firewalls to protect them.
The physical Data Centers are supported by some of the most powerful security in
the business. 24/7 video camera surveillance, security breach alarms, security guards
around the clock, and Biometric thumb print scanners at every entryway. The servers
are further secured within a cage with locks.
With all of these factors, the end result is an excellent physical and technical
environment delivering the reliability and flexibility necessary to support your
mission-critical Internet operations.
We make sure that our clients get the fastest speed possible by using only top quality
bandwidth providers such as Level3 T3, Global Crossing and UUNET. All our bandwidth
providers are known world-wide for their performance and excellent peering capabilities.
We also ensure that our bandwidth utilization will average 30% at all times, thus
achieving 70% of head room to continually maintain performance and quality of service.
Secure Socket Layer (SSL)
For a fee of $ 350 a year EazyWorks can equip your website with 256 bit SSL. We
take care that the SSL is designed into the website. This means that we switch over
to https at the moment it is required by the website design.
The SSL we install for you comes with the following features:
- Single root certificate
- $10,000 warranty
- 99% browser recognition rate, no chained installation
- Strong 128/256 bit encryption, industry standard SSL
- RapidSSL.com owns the root used to issue your certificate
Most Websites developed by EazyWorks come with extensive user management possibilities.
This includes the following.
Login / Logout Functionality
Access to areas of the website (or the whole website) can be controlled by a user
logging in with name and password.
The login function comes with 'remember me next time' option and automated password
recovery with security question.
The default setting for the passwords of an EazyWorks Website requires 7 characters
and 1 special character, like '+','=','_' etc. Depending on the security requirements
this can be made stronger or can be relaxed.
Users can change their own passwords and the password is only known to the user.
The system can only reset passwords and issue new passwords.
Users can be assigned to different roles. For the different roles different access
policies can be defined. The site is protected that only users with specific roles
can access specific areas. Furthermore specific information stored on the website
can be protected for users without the specific roles.
Navigation tools of the website (e.g. menus) only show options that are allowed
for that specific user. The Navigation tools dynamically change at the moment the
user logs on or logs off.
Management of Accounts by the Administrator
For each website developed by EazyWorks the role of administrator is defined. The
administrator has exclusive access to an additional web page which he or she can
use to manage the accounts.
This page can be equipped with the following functionallity
- Adding and deleting users
- Adding or deleting roles (Roles will define for which areas a user has access) If
a user does not have the appropriate role for an area, it will not be possible for
this user to access this area. All navigation tools (menu's etc) of the website
will only show options available to that specific user.
- Resetting passwords for users. Each website will come with automatic password recovery
- Logs of user activity showing the login activity on the website
- Furthermore the website can be configured to send out automatic notifications to
the administrator when, a new account is created, is user changes a password, or
when a user requested a new password.
All automated e-mail messages can be completely customized and formatted in HTML
reflecting the customers house style.
Security of EazyWorks Web-Based Applications
Below we will address a number of concerns regarding data security. We like to stress
that the weakest point in our system is the login. So to be safe is always best
to use strong passwords (using number(s) and one or more special character(s) like
'+', '=', etc). The passwords used by EazyWorks Personel are strong.
EazyWorks uses Ajax technology in combination with the Microsoft .NET 2.0 framework
for its Web Applications. This technology does not allow SQL injection, so the EazyWorks
applications are NOT susceptible to these types of attack.
Encryption of Credit Card Data
Even if someone manages to get into the SQL Database, all Credit Card Data is encrypted
when it is written to the database. The following figure shows an example of how
the encrypted data looks while it is stored in the SQL Database:
The only way to decrypt the information is to login to the application.
Dependent on the customer request EazyWorks can secure this communication by means
of SSL Encryption. This encryption works both ways. The website can be designed
in such a way that for every page the data transfer in both ways is encrypted using
SSL. In the web browser you can see if this communication is safe by the 'https'
at the start of the web address. (Normally, for an unsecured link the address starts
EazyWorks solutions are hosted using Amazon Web Services. Below a short excerpt
from the AWS Security Whitepaper:
The issues of end-to-end security and end-to-end privacy within the cloud computing
world are more sophisticated than within a single data center not facing the Internet.
Ensuring the confidentiality, integrity, and availability of customer’s systems
and data is of the utmost importance to AWS, as is maintaining trust and confidence.
This document is intended to answer customer questions such as “How does AWS help
me ensure my data is secure?” Specifically, AWS physical and operational security
processes are described for network and infrastructure under AWS’ management, as
well as service-specific security implementations.
For more details we would like to refer to the Amazon Documentation (in case the
link does not work, please go to http://aws.amazon.com/
and search for: Security Whitepaper):
EazyWorks does not keep any of its customer’s data at its office location. When
data is needed for maintenance, it will be deleted shortly after use.
EazyWorks AWS Settings
All of our server firewalls currently only have 2 ports open to the world
- One for HTTP = 80
- One for HTTPS = 443
All remote access is blocked to only allow our IP address to access the servers;
on top of that the servers have the standard Windows Based Password Policies. The
SQL server is also blocked by the firewall for remote access, and also has a SQL
based Password Policy on the Database File.
Creation of user Accounts
User accounts can be created by the user on the login page of the application. At
that point the user has to select her password. Beside the password the user will
define a security question with answer to retrieve a lost password. The system will
encrypt the password and the security answer. The password and security answer is
unknown for anyone (including the system administrator and people that would be
able to access the database directly).
This way it is ensured that the password is only known by the user and that no one
will be able to login for the user, beside the user herself.
After creating the account the admin of the system is notified, and the admin will
assign the roles for that specific user. Without any role assigned to the user the
user will not be able to access any data.
During the ‘create new account’ process the user enters her e-mail. Because the
password is only known to the user the password is lost at the moment the user forgets
her password. The system comes with a password retrieval option where the user can
reset her password on the login page, the new password is sent to the user to her
e-mail address. Using the new password the user can login and should immediately
change her password.
Users with an admin role are notified by the new account emails and the reset password
emails. Admin users will have the possibility to lock out any of the users of the
system. After a user is locked out, her password will not work to enter the system
anymore. This will not affect any of the historic records.