Security is one of the major issues associated with deploying services on the Internet. gosim.com, the provider of the gosim service, takes its security responsibilities very seriously and has employed a number of technical staff who are experienced in implementing and managing secure Internet services. This document provides an overview of the security that is incorporated into the setup and design of our services.
A Trusted Design
All gosim.com services are deployed using the same trusted design. The design calls for:
- multiple security levels, so that a low-level security compromise does not cause a compromise of security at higher levels;
- enabling only services that are absolutely required on our systems;
- partitioning the enabled services so that a compromise of one service does not effect other services at the same security level; and
- encrypting all sensitive customer information, both when in transit over the Internet and when stored in our computers.
To support our services there is security at four levels:
- at the routers, which connect gosim to the Internet;
- at the Internet-visible servers, which accept connections directly from the Internet;
- at the firewalls, which pass requests from the Internet-visible servers to the Internet-invisible servers; and
- at the Internet-invisible servers, which accept requests from the Internet-visible servers via the firewalls and return the results.
To protect each of the four levels (routers, firewalls and Internet-visible/invisible servers) from attack we
- apply static and dynamic IP security filtering;
- enable only services that form part of our product; and
- use the most trusted software available to provide our services.
Every connection made between the Internet and our Internet-visible servers, and from our Internet-visible servers to our Internet-invisible servers, is checked by IP filtering to ensure that only correct connections are made.
The Internet-invisible servers run our databases, administration, email system, and voice mail system. Access to these servers is allowed only from the controlled services running on the Internet-visible servers, which maintains the security and integrity of your data.
Whenever gosim.com exchanges sensitive information (recharge, PIN, Travel vault) with our customers over the Internet, we use secure connections via SSL (Secure Sockets Layer). This ensures that all the data is encrypted during transit over the Internet. This means that if a hacker intercepts the data, they will find it almost impossible to decrypt and read.
We also encrypt all sensitive information about our customers before storing it in our database. This ensures that if a hacker obtains the encrypted data from our database, they will find the data almost impossible to decrypt and read. The Travel Vault is an example of customer sensitive information; see the Travel Vault FAQs for more details.