
Our Security

We know that security is crucial to you, and at Mirata, it’s our top priority. We provide state-of-the-art security to ensure that your important information is never compromised.

We devote significant resources to continually developing and enhancing Mirata's world-class security and operations infrastructure. The result is that we maintain unsurpassed security and privacy of your information.

At Mirata we host all our servers at secure co-location facilities. A co-location facility (sometimes known as a data centre) is a network-connected secure commercial facility for the housing of telecommunications and IT infrastructure. Co-location involves the sub-letting of space in a safe and secure environment.

We utilise uninterruptible power supplies and an N+1 generator setup to ensure constant and clean energy to our infrastructure. The data centre is protected by fire suppression, is monitored by CCTV both externally and internally, has 24x7x365 onsite security, and is surrounded by an 8ft perimeter fence.

Our platforms are designed to be highly redundant and all data is stored in network disk arrays. Data is automatically synchronised between the arrays so that, in the event of an array failing, the remaining array continues to serve data to the servers with no downtime. Each array is also backed up each night to a separate backup cluster, which is then written to tape and stored offsite.


By connecting to multiple backbones, data can be distributed through many sources. This architectural design also means that services are not dependent upon any single Internet backbone.

Our Security and Monitoring Measures

All data entered into Mirata solutions is stored in Europe in accordance with the UK Data Protection Act and the Register of Data Controllers.

  • Security Number: 10760275
  • Registration Number: Z1558824
  • Data Controller Name: MIRATA LTD

The Data Universal Numbering System, abbreviated as DUNS or D-U-N-S, is a system developed and regulated by Dun & Bradstreet (D&B) which assigns a unique numeric identifier to a single business entity.

  • DUNS: 737160213 MIRATA LTD

This numeric identifier is then referred to as a DUNS number. A D-U-N-S Number is a unique nine-digit sequence recognized as the universal standard for identifying and keeping track of businesses worldwide.

Most Mirata employees do not have direct access to the production servers. However, a carefully limited number of employees have access for necessary system management, maintenance, monitoring security, and backup procedures.

  • Back-up: all customer data is automatically backed up on a nightly basis, and stored at a secure facility in Europe. We also back up your data on daily, weekly and bi-weekly rotations at multiple locations, to safeguard against an unforeseeable catastrophe.
  • User Authentication: a valid username and password are required to access your information. All transactions are authenticated. Biometric surveillance, robust fire suppression, multiple power sources and carefully monitored climate control are just a few of the features that protect the servers that store your data.
  • Operating System Security: we enforce tight operating system-level security by using a minimal number of access points to all production servers. We protect all system accounts with passwords and follow best practices. All operating systems and applications are maintained at the vendor’s recommended patch levels for security.
  • Intrusion Analysis: software, hardware and human intrusion detection systems and methodologies constantly monitor our systems, ensuring that no one accesses our servers who is not supposed to.

SSL Data Encryption

The SSL option for all Mirata sites leverages the strongest encryption product to protect your data transmission, including 256-bit SSL certification. The lock icon in the browser indicates that your data is fully secure while in transit over the internet.

Vulnerability Analysis

Vulnerability analysis, also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. Mirata production servers and solutions are regularly tested using dedicated security teams and security focus groups.

Mirata does not publish information related to the nature or process of any vulnerability testing; however, below is a list of vulnerability classes.

SQL Injection
XSS (Cross-site Scripting)
DOM XSS
Command Injection
Blind Command Injection
LFI (Local File Inclusion) & Arbitrary File Reading
Remote File Inclusion
Remote Code Injection / Evaluation
CRLF / HTTP Header Injection / Response Splitting
Open Redirection
Frame Injection
Database User has Admin Privileges
Vulnerability Database (Inferred vulnerabilities)
ASP.NET ViewState Vulnerabilities
ViewState is not Signed
ViewState is not Encrypted
Web Backdoor Identified
TRACE / TRACK Method Support Enabled
XSS Protection Disabled
ASP.NET Debugging Enabled
ASP.NET Trace Enabled
Backup Files Accessible
Apache Server-Status and Apache Server-Info pages Accessible
Hidden Resources Accessible
Crossdomain.xml File Vulnerable
Robots.txt File Vulnerable
Google Sitemap Vulnerable
Silverlight Client Access Policy File Vulnerable
CVS, GIT and SVN Information and Source Code Disclosure
PHPInfo() Pages Accessible and PHPInfo() Disclosure in other Pages
Sensitive Files Accessible
Redirect Response BODY Is Too Large
Redirect Response BODY Has Two Responses
Insecure Authentication Scheme Used Over HTTP
Password Transmitted over HTTP
Password Form Served over HTTP
Authentication Obtained by Brute Forcing
Basic Authentication Obtained over HTTP
Weak Credentials
E-mail Address Disclosure
Internal IP Disclosure
Directory Listing
Version Disclosure
Internal Path Disclosure
Access Denied Resources
MS Office Information Disclosure
Auto-Complete Enabled
MySQL Username Disclosure
Default Page Identified
Cookies are not Marked as Secure
Cookies are not Marked as HTTPOnly
Stack Trace Disclosure
Programming Error Message Disclosure
Database Error Message Disclosure
Application Source Code Disclosure

To afford your web application the maximum degree of protection, Mirata checks for numerous vulnerabilities and deviations from security best practice.