Security

Getting started

Client Dashboards

Client Dashboards

Board and Management Reports

Onboarding

Onboarding process

Documentation

Digital Sales Room

Digital Sales Room

Mobile application

Mobile application

Mobile application

Schedule Engage

Schedule Engage

We take your security seriously

We host our services on multiple servers around the world to ensure minimal impact to our services in the unlikely event of downtime in any given data center.

Components

Wireguard - self-routing, mesh networking protocol and software implementation used for compressed and encrypted virtual private networks.
IP-Filtering between all VMs,
Logs manager at applicative layer.

Services

Standard anti-DDoS service for all Scaleway servers,
Any services provided by Scaleway (e.g. anti-DDoS, Vuln. Scans, monitoring

Encryption

In-transit

External flows

(End-user to Front End ) – All data in transit protected with TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
(SMTP to End-user) - All emails are protected with TLS 1.2 with AES 128 bits encryption.

Internal flows (Front End <> DB <> Other components).

Flow encrypted with dedicated mesh networking protocol VPN Wireguard

At-rest

All DBs are redundant and disk are LUKS encrypted,
Exported data (back-up) is encrypted (PGP OpenSSL with RSA key),

Key Management

Keys storage & accessibility:

SSH Keys (remote access) are stored on Listen Leon local network with restricted access to CTO team.
Wireguard Keys: VM unique Private key is stored locally on the related server, Public key is shared with all other mesh of the network. Additionally, IP filtering is added to avoid unauthorized connection with non-declared VM / Server.

Key access monitoring: No monitoring enabled at this stage,
Certificates storage: stored on Listen Leon local network with restricted access to CTO. Also available on the certificates provider. On the server, the certificate is only accessible with the Traefik Run User.

URLs

Front end: https://*.listenleon.com
Back end: https://*.listenleon.net

Backup and recovery plan

Types of information/data which are backed-up

We have two types of data that are backed-up :

All application sources => text
MariaDB data => text
MongoDB data => text
Redis data => text
Pictures user profile => image

Cycle for conducting the back-up

A back-up is made every hours. We keep 1 backup per single day, for 3 months.

Methods used to conduct the back-up

Each server makes an export of hosted data. We use a public RSA key to encrypt the data exported with PGP OpenSSL.

Next, Rsync is used to send the latest backup to an external server hosted at our Headquarters (Marseille / France) – Authentication key/ssh.

This server is responsible for archiving these back-ups by date.

Before sending any back-ups to our internal server, an md5 hash is calculated to ensure that transfer has not corrupted the file.

← Previous

Board and Management Reports

Next →

Onboarding Process

On this page

We take your security seriously
Components
Services
Encryption
URLs
Backup and recovery plan
Types of information/data which are backed-up
Cycle for conducting the back-up
Methods used to conduct the back-up