@UK PLC Company Formation & Company Registration, ecommerce, domain name registration, spend analysis, eprocurement in green marketplace

SiteGenerator ecommerce sites are secure, @UK PLC has been creating secure ecommerce sites for over 10 years and goes right down through the infrastructure layers to managing our own IP addresses and DNS services. This is a significantly higher level of security coverage than the industry standard

The standard for credit card acceptance over the internet is PCI/DSS. PCI/DSS requires that sites are checked quarterly for security flaws. @UK PLC carries out a full PCI/DSS check on all its servers and sites on a daily basis.  @UK PLC is PCI/DSS certified.

IP addresses are allocated by Regional Registries, these are then delegated down to hosting companies and ISP's. Unfortunately this introduces a chain where it is possible that a compromise of a system outside your control could result in your IP addresses being diverted.

DNS is the level above IP addresses, again DNS is often outside of the control of organisations. There are a surprisingly large number of organisations that run DNS software with poor security track records. e.g. The recent Dan Kaminsky DNS security bug, did not affect @UK PLC DNS servers, because we choose a server that had designed out this bug over 10 years ago.

We only run email servers that are designed for security and have a track record of minimal security exploits over the past 10 years.

All the popular web servers have had a very poor security record over the past 10 years, and we have had to ensure that our servers are regularly patched and run in the most secure configuration. Our applications are designed to minimise the damage from a web server compromise.

Our database servers are not directly connected to the internet, and we try to protect them from a web server compromise.

Our applications have been written with physical separation on different webservers, and logical separation into different roles, to try and minimise the damage caused by any compromise of an application component, or the infrastructure that it is running on.

We have multiple layers and different types of firewalls running on different secure operating systems.