How is security managed on Noticeable services?
Noticeable takes your security and the security of your website visitors very seriously. Our team implemented security best-practices at every level.
Our whole team implements strict security practices regarding how they access their accounts:
Noticeable always refused to sell any data and our policy is to respect your data privacy. Our business model is based on paid Noticeable subscriptions. Not on your data.
Two Factor Authentication on third-party services Noticeable uses.
All the features are designed around security and reliability.
Every computer running Noticeable development tools is secured and up to date.
All Noticeable employees, agents, and providers are trained in data-security practices.
Server hardening is also critical in ensuring the best security for our users.
Here are some of our practices in terms of infrastructure management:
Noticeable domains are protected with DNSSEC.
Server authentication is using protected SSH keys.
SSH services are not publicly reachable and are limited to a set of allowed IPs.
Abusing IPs get automatically banned or rate-limited (prevents brute-force attacks on accounts).
Denial-of-service protections are set everywhere (this ensures service resiliency under attack).
All the servers and services are running the latest security updates and patched immediately when a kernel vulnerability is published.
Encryption has become so cheap and convenient today that it's now possible to enable it everywhere. All public network channels on the Noticeable platform are fully encrypted. This comes for both assets loading (Web resources), remote calls, and real-time channels.
Our encryption techniques implement state-of-the-art practices:
Strong TLS keys: RSA, 2048 bits or +.
Elliptic-Curve Cryptography.
Forward-Secrecy with Diffie-Hellman parameters.
HTTP Strict Transport Security.
We dropped legacy encryption methods to alleviate known attacks:
The old SSL protocol is completely disabled (we use TLS).
Legacy ciphers are disabled (e.g.: RC4).
This allows you and your users to stay safe:
Hide the data as it is being transmitted on the network.
Prevent all modification of data as it is being transmitted on the network.
Prevent MITM (Man-in-the-middle attacks).
Allow the service to work on restricted networks, over strict proxies.
If you have questions regarding Noticeable security, chat with us!
Security Practices In Our Team
Our whole team implements strict security practices regarding how they access their accounts:
Noticeable always refused to sell any data and our policy is to respect your data privacy. Our business model is based on paid Noticeable subscriptions. Not on your data.
Two Factor Authentication on third-party services Noticeable uses.
All the features are designed around security and reliability.
Every computer running Noticeable development tools is secured and up to date.
All Noticeable employees, agents, and providers are trained in data-security practices.
Infrastructure Hardening
Server hardening is also critical in ensuring the best security for our users.
Here are some of our practices in terms of infrastructure management:
Noticeable domains are protected with DNSSEC.
Server authentication is using protected SSH keys.
SSH services are not publicly reachable and are limited to a set of allowed IPs.
Abusing IPs get automatically banned or rate-limited (prevents brute-force attacks on accounts).
Denial-of-service protections are set everywhere (this ensures service resiliency under attack).
All the servers and services are running the latest security updates and patched immediately when a kernel vulnerability is published.
Ubiquitous Encryption
Encryption has become so cheap and convenient today that it's now possible to enable it everywhere. All public network channels on the Noticeable platform are fully encrypted. This comes for both assets loading (Web resources), remote calls, and real-time channels.
Our encryption techniques implement state-of-the-art practices:
Strong TLS keys: RSA, 2048 bits or +.
Elliptic-Curve Cryptography.
Forward-Secrecy with Diffie-Hellman parameters.
HTTP Strict Transport Security.
We dropped legacy encryption methods to alleviate known attacks:
The old SSL protocol is completely disabled (we use TLS).
Legacy ciphers are disabled (e.g.: RC4).
This allows you and your users to stay safe:
Hide the data as it is being transmitted on the network.
Prevent all modification of data as it is being transmitted on the network.
Prevent MITM (Man-in-the-middle attacks).
Allow the service to work on restricted networks, over strict proxies.
If you have questions regarding Noticeable security, chat with us!
Updated on: 05/06/2024
Thank you!