SAFCOIN Security

Serious about security and protecting our customers.

We constantly monitor the SAFCOIN exchange and all other accompanying platforms to ensure utmost security. Here's some technical info as to how our server architecture is set up to ensure the SAFCOIN exchange stays secure. Along with ethical (white hat) hacking on an ongoing basis, and third party security auditing we can sleep sound at night knowing that all precautions are taken to ensure our customers stay safe:

 

Basic AWS Identity and Acess Management (IAM) configuration with custom (IAM) policies, with associated groups, roles, and instance profiles.

Standard, external-facing Amazon Virtual Private Cloud (Amazon VPS) Multi-AZ architecture with seperate subnets for different application tiers and private (back-end) subnets for application and database.

Amazon Simple Storage Service (Amazon S3) buckets for encrypted web content, logging and backup data.

Standard Amazon VPC security groups for Amazon Elastic Compute Cloud (Amazon EC2) instances and load balancers used in the sample application stack.

Three-tier Linux web application using Amazon EC2 Auto Scaling and Elastic Load Balancing, which can be modified and/or bootstrapped with customer application.

A secure bastion login host to facilitate command-line Secure Shell (SSH) access to Amazon EC2 instances for troubleshooting and system administration activities.

Encrypted, Multi-AZ Amazon Relational Database Service (Amazon RDS) My SQL database.

 

Logging, monitoring, and alerts using AWS CloudTrail, Amazon CloudWatch, AWS Config rules.
Encrypted secondary EBS volumes on all EC2 instances.

Isolation of instances between private/public subnets
Security groups limiting access to only necessary services
Network access control list (ACL) rules to filter traffic into subnets as an additional layer of network security.
A secured bastion host instance to facilitate restricted login access for system administrator actions.
Standard IAM policies with associated groups and roles, exercising least privilege.

Monitoring and logging; alerts and notifications for critical events.
S3 buckets (with security features enabled) for logging, archive, and application data.

Implementation of proper load balancing and Auto Scaling capabilities
HTTPS-enabled Elastic Load Balancing (ELB) load balancers with hardened security policy
Amazon RDS database backup and encryption
HTTPS to the endpoint.  Traffic is carried encrypted to the ELB load balancer, and then sent encrypted to the instance.
We follow HIPPA security safeguards and compliance rules to secure the server.