How NordVPN will become more secure than ever
#1
Quote: We recently reported an incident involving NordVPN and a third-party datacenter. We’re deeply sorry for letting that mistake happen, but that’s not what this post is about. This is about explaining what we’re going to do to take our security to the next level and make sure nothing like that ever happens again.
1. Partnership with a top cybersec and penetration test consulting firm
Penetration testers are a key part of our security efforts. Their job is to prod our infrastructure for weaknesses and find them before anybody else does. That’s why we’re negotiating a strategic partnership with a leading US cybersecurity consulting firm.
The firm would work with our in-house team of penetration testers to challenge our infrastructure and ensure the security of our customers with:
  • Comprehensive penetration testing;

  • Intrusion handling;

  • Vendor risk assessment;

  • Source code analysis.
We are currently discussing the details with several candidates and plan to make a public announcement next week.

2. Bug bounty program
Our job is to anticipate and prevent bugs before they ever go live. If one does slip past us, the next best line of defense is a vigilant and engaged cybersec community prepared to help catch and fix it before it puts anyone at risk.
Over the next two weeks, we will introduce a bug bounty program. Bug bounties reward cybersecurity experts for catching potential vulnerabilities and reporting them to us so we can fix them. Bounty hunters get a well-earned payout, and NordVPN users get a service they know is scoured for bugs by thousands of people every day to make it as secure as possible.


3. Infrastructure security audit
We are setting the groundwork for a full-scale third-party independent security audit in 2020. More information is forthcoming as we work out the details, but we will keep the public notified.

This will include and may not be limited to:
  • Infrastructure hardware;

  • VPN software;

  • Backend architecture;

  • Backend source code;

  • Internal procedures.

4. Vendor security assessment and higher security standards
Right now, the majority of the datacenters we work with meet or exceed numerous stringent security standards. As we continue to review our infrastructure, however, we will hold the datacenters we work with to even higher standards than before.
At the same time, we will also begin to build a network of collocated servers. While still located in a datacenter, collocated servers are wholly owned exclusively by NordVPN. A breach caused by a vulnerability left by a third-party server provider would be impossible.

5. Diskless servers
We are preparing a plan to upgrade our entire infrastructure (currently featuring over 5300 servers) to RAM servers. These will allow us to create a centrally controlled network where nothing is stored locally. In fact, they won’t even have an operating system stored locally. Everything they need to run will be provided by NordVPN’s secure central infrastructure. If you seize one of these servers, you’re seizing an empty piece of hardware with no data or


Our promise
Nothing like this should have ever been possible and we apologize that it was. However, we’ve learned our lesson and we want to prove it to you with actions, not just words.

The changes we’ve outlined here will be seen and felt every time you use our service. Every part of NordVPN will become faster, stronger and more secure – from our infrastructure and code to our teams and our partners.
We can’t promise 100% immunity – no one can. What we can promise is that we have taken this incident to heart and will do everything we can to improve and to win back your trust. [b]We will come back from this even stronger – we owe it to you.[/b]


Source : https://nordvpn.com/blog/security-plan/