Rocket Lift Security
Putting Security into Practice
Rocket Lift believes in taking security on the Internet very seriously.
Security is hardly the same thing as, and is often quite in opposition to “secrecy”. This is one reason why we value “Openness”, which means we promote open technologies, open data, and operational transparency. This allows the effectiveness of our security procedures and tools to be independently verified. By being open about how we work, we put this value into practice, and we even invite scrutiny from you — our friends, competitors, and customers — to improve how we work.
From Rocket Lift’s inception — years before Edward Snowden’s revelations about widespread U.S. government surveillance of internet traffic — we have treated our clients’ information as top secret. The integrity of our own systems directly impacts that of your systems, which in turn directly impacts the safety and security of every one of your users, viewers, or customers.
We bend over backwards to protect sensitive information from loss at our hands, to reduce the risk of a cascading breach that effects not just you, but everyone who depends on you. And we don’t want you to “just trust us”. We want you to be able to verify that trust yourself.
Protecting the Keys to your Kingdom
Always discouraging people from sending us confidential information by unsafe means.
Intercepted passwords are the easiest way to have your site hacked and sensitive information stolen. We discourage sending passwords via plaintext email, instant message, text message, or verbally over the telephone, as it is easy for such information to be intercepted and recorded. We work with you to make sure you have the tools necessary to communicate with us as securely as possible.
Secure Instant Messaging
For instant messaging, we use the XMPP/Jabber open standard, with SSL/TLS connections to the Jabber server and verified OTR sessions between individuals.
Decentralized P2P and/or Self-Hosted Internal File-sharing
Our sensitive company and client records are not stored using third party “cloud” service providers (such as Dropbox), because they cannot realistically guarantee that their staff do not have access to senstive data stored with them or that they have not provided a backdoor for government agencies.
We currently use a private encrypted peer-to-peer file sharing system that gives us the benefits of remote team file sharing. We do not know of any independent security audits of the protocol or of its clients, so we won’t publish the name of the specific service. If you are aware of research into the security of encrypted peer-to-peer file sharing services, we would love to hear about it.
Non-logged, Self-destructing Private Messages
We use self-destructing, self-expiring messages provided by Lockify to share sensitive information even over encrypted channels, so that nothing is stored in anyone’s message logs (which if accessed later would defeat encryption). Even Lockify staff are unable to access content in these messages, and the messages require you to prove your identify to access them.
Encrypted Password Databases
Our team stores all sensitive data in encrypted databases, protected by ludicrously long passwords, and encrypted using open industry standards configured to run enough “rounds” of encryption that even our most modern computer hardware pauses for a moment while attempting to authenticate and access their information. The database software is also completely separate from the software that maintains our company’s shared file systems, so even if the file system’s network were compromised, third parties would still not have access to password data.
100% Unique, Randomly-generated Passwords
Every password we ever create is randomly generated and unique. If the password to one of our accounts for a client became known, access to other services for that client, and to other clients’ services, would remain protected.
We group private information in small lockers that are accessed one at a time, so accessing any private data locker only exposes a small amount of information. This limits the impact of a data breach, so even if an attacker gains some of our information, most of it is still locked. We employ this data “compartmentalization” at every practical level, with only those who require it having access to various things. This creates some routine inconvenience and extra configuration work for ourselves, but we’ve embraced that. We believe it is worth shouldering some extra burden to maintain the principle of “least privilege”, whereby our staff and contractors only have the privileges they absolutely need to do their work, in order to limit access, and thus risk.
Separate Accounts for Every Client
Whenever possible, we access systems and resources using individual accounts, access control lists, and/or key files — rather than sharing account names or passwords. Similar to compartmentalization, this limits the impact of a data breach, so that a successful attacker is limited in what they have access to.
We have procedures in place to change passwords whenever they are potentially compromised, including when we’re alerted by our service providers of a potential data breach, and whenever one of ours staff or contractor team members leaves Rocket Lift.
Keeping Ears to the Ground
Nothing is perfectly “secure” or “insecure”. Security is not black and white, but quite complicated, and better thought of as a spectrum from “less secure” to “more secure”. We follow developments in the security research community and regularly evaluate new services and practices that can improve our position on that spectrum.
Continual Training and Education
Security conscientiousness is part of our culture. Our team members and contractors receive regular trainings beginning the day they start with us.
Every WordPress release includes patches to fix recently identified security vulnerabilities. Out of date WordPress sites are ticking timebombs, with a high risk of being hacked through their unpatched vulnerabilities. We highly recommend keeping WordPress and its plugins updated. (Our services include assisting with this, including identifying and fixing update compatibility issues, to ease the pain a bit).
Many small “safes” instead of one large one.
We avoid using services that manage access to a bunch of separate websites from one account, such as managewp.com, which allows you to upgrade multiple WordPress websites from one dashboard. These types of services amount to a single point of failure. If an attacker gained access to our master account with these services, she would then have full access to do damage to any client sites we manage.
We prefer to “sandbox” access to our client sites, so that if one site is compromised, they aren’t all affected. You can think of this as using many small safes, instead of using one large safe with everything precious inside. If the large safe is lost, so is everything precious. Many small safes spreads this risk around and minimizes any harm.
Renaming the Default User Account
WordPress sites are under constant attack by armies of enslaved computers (called “botnets”) attempting to guess their way into the backend with random combinations of usernames and passwords. One of their simple tricks is to attempt to log in as “admin”, guessing common passwords. By renaming this default account, we reduce this threat.
We set up individual personalized accounts for our clients — e.g. “Jayne” instead of “admin” — and use activity logging plugins that create an audit trail of each user’s activity. In the event a user account is compromised, this allows us to isolate and re-secure it. We’re also able to detect and block repeated attempts to guess passwords.
Encouraging and Enforcing Strong Passwords
The weakest spot in any WordPress website’s armor is an easily guessed password. So, we install plugins that encourage the use of strong user passwords, and provide education about why this is important and how to make it easier to create passwords that are both easy to remember and secure. Where appropriate, we can also require the use of strong passwords.
Options to Easily Restore Broken or Hacked Sites
We prefer plugins that are actively-maintained, scrutinized by the development community, and popular. These are less likely to have unpatched vulnerabilities. When our budgets permit it, we subject third-party plugins to code review and submit fixes back to the plugin authors.
Adapting and Evolving
The adage that “the only constant is change” is one that we acknowledge and embrace. We know that nothing is perfect, nothing is absolute, and that there is always room to improve. We’re also deeply aware of how quickly the software world advances, how quickly web and internet technologies change, and how something that was considered “safe enough” today could very well be horribly broken tomorrow. We keep our eyes on current events in the cryptography and information security worlds, do our best to learn from everyone’s mistakes and examples, and greet each shiny new thing with healthy doses of both hope and skepticism.