What is xcentra Web Premium Protection?

The professionalization and expansion during the last few years of cyber-crime organizations and the so-called "Advanced Persistent Threats" (APTs), as well as the increasing number of associated vectors and risks (spam, virus, ransomware, malware, zombie networks, etc.) nowadays lead inexorably to multi-dimensional, multi-layered IT security architectures.

In xcentra we take cybersecurity and protection of our customer’s assets and data very seriously. Although, unfortunately, nobody is 100% free of the possibility of suffering an attack, we have decided to brand as "Web Premium Protection" all xcentra’s security measures and layers that we implement in our services and products to try always being one step ahead of threats and to minimize potential impacts.

Grouping these xcentra measures by the area in which they are applied, we have:

In our cloud IaaS infrastructure provider:

• Data centres with geo-redundancy and ISO 27001 and AENOR ENS certifications.
• Dual physical and logical firewalls.
• Detailed monitoring configuration policies.

In our servers – operating system:

• Implementation of industry’s basic security best practices and guidelines: CIS Benchmarks, DISA STIGs, OpenSCAP, etc.
• Additional operating system, security policies and remote administration protocols hardening.
• Removal of unnecessary software, services and users.
• Intra-server firewall with optimized restrictive configuration.
• Access control, restriction and auditing.
• Strong encryption of customer data at rest.
• Automatic blocking of unauthorized remote administration accesses.
• Permanent blocking of remote attacking or suspicious remote IP addresses.
• Fast software updates, prioritizing vulnerability and security updates.
• Daily automatic virus, malware, rootkit, intrusions and integrity scans.
• Periodic security audits.
• Automatic system performance and logfile monitoring.
• Daily backups with automatic off-premises transfer to a different physical location.

In our servers – application software:

• Linux Kernel security modules enforcement on application software.
• HTTP DoS, DDOS and brute force attack protection module.
• Web Application Firewall as protection against common and pattern-based attacks.
• Secure configuration of all application software.
• Database servers hardening.

In all our websites:

• TLS certificates for all client-server communications with strong RSA 4096-bit keys.
• Exclusive usage of secure protocols (TLS 1.3, TLS 1.2, SFTP).
• Hardening of HTTP response headers and Content Security Policy directives.
• Hardening, secure configuration and protection against WordPress control panel attacks.
• Automatic immediate WordPress and WordPress plugin updates.
• Spam and trackback attack by-default protection in WordPress.
• All WordPress web forms are delivered to customers secured with Google reCAPTCHA v3 anti-spam protection.

In our electronic mail services:

• End-to-end client-server communication encryption, including webmail services.
• By-default activation and secure configuration of email antivirus and anti-spam filters.
• Initial secure-by-default passwords.
• Custom additional proprietary xcentra advanced spam blocklists.