Description

Wolkvox implements hardening controls across all components of its infrastructure, following documented guidelines and industry-recognized security best practices. These controls are designed to minimize attack surfaces, eliminate unnecessary configurations, and ensure that systems operate securely and efficiently. Hardening is applied to servers, networks, applications, and databases, ensuring that solutions comply with standards such as ISO/IEC 27001, NIST, and CIS Benchmarks.

As part of the Information Security Management System (ISMS), Wolkvox conducts periodic audits to validate the effectiveness of these controls and maintain infrastructure protection against threats.

Features

Controles de Hardening Implementados

• Encryption in Transit and at Rest: Use of protocols such as TLS 1.2/1.3 for secure communications and AES-256 encryption for stored data.
• Multi-Factor Authentication (MFA): Required for critical access, adding an extra layer of security.
• Firewalls and Whitelisting: Configuration of perimeter firewalls, IPTABLES rules, and access whitelists to restrict unauthorized traffic.
• User and Password Management: Strict policies for password creation, rotation, and complexity, along with the deactivation of inactive accounts.
• Secure Protocols and Certificates: Implementation of HTTPS with valid and updated SSL/TLS certificates, avoiding obsolete or vulnerable protocols.

Audits and Monitoring

• Periodic Evaluations: Security audits are conducted on the base infrastructure to identify and correct potential weaknesses or deviations from hardening standards.
• Continuous Updates: Controls are regularly reviewed and adjusted to adapt to new threats or changes in best practices (e.g., CIS Benchmarks).
• Detailed Documentation: All hardening procedures are documented, including configurations, responsible parties, and application dates, to ensure traceability and compliance.