The security of your data is our top priority. Here, we will give you some insight into our security architecture.
Our system has three main components (each running on separate servers):
- Web front-end
- Data aggregation
The communication between our servers is always encrypted, and only the web servers are reachable from the internet.
The front-end is reachable solely via secure HTTPS connections, which are backed by an Extended Validation Certificate. Your password (at least 8 characters long) is stored in a cryptographically secure form (Wikipedia) in our database.
Additionally, your account will be locked automatically for some time after several failed login attempts. To access your account within this time, you can request an unlock token via mail. This effectively impedes attempts to guess your password.
Network credentials are encrypted with an asymmetric 2048-bit RSA key before they are written to our database (Wikipedia). It is impossible to decrypt any credentials in the front-end.
Another defense layer consists of a firewall and an intrusion prevention system (Wikipedia), which actively wards off attackers.
The DB server stores both statistical data and the encrypted network credentials. The cryptographic keys are not stored on this server, so the security of the data is not compromised even if an attacker gains access to the database tables (or their backups).
The aggregation servers are responsible for collecting the data from the different networks, so they need to decrypt the credentials. For this (and only this) purpose, the credentials are decrypted for the period of time it takes to access the networks.
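The role separation described above (front-end encrypts, database stores ciphertext, aggregation servers decrypt) can be sketched as follows. This is an added example, not Affiliboard's code; the function names, the RSA-OAEP/SHA-256 padding, and the base64 storage format are assumptions, since the page only states that a 2048-bit RSA key is used.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: RSA-OAEP with SHA-256 (the page does not name a padding scheme).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
// OAEP plaintext limit: modulus bytes - 2 * hash bytes - 2 = 256 - 64 - 2 = 190.
const MAX_PLAINTEXT_BYTES = 2048 / 8 - 2 * 32 - 2;

// Generated away from the front-end; the private key goes only to the aggregation servers.
function generateKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Front-end role: holds the public key only and returns the value written to the DB.
function frontendEncrypt(publicKeyPem, credential) {
  const plaintext = Buffer.from(credential, "utf8");
  if (plaintext.length > MAX_PLAINTEXT_BYTES) {
    throw new RangeError(`credential exceeds ${MAX_PLAINTEXT_BYTES} bytes`);
  }
  return nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, plaintext).toString("base64");
}

// Aggregation role: the plaintext exists only while the callback runs.
function aggregatorUse(privateKeyPem, storedValue, useCredential) {
  const ciphertext = Buffer.from(storedValue, "base64");
  const plaintext = nodeCrypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, ciphertext);
  try {
    return useCredential(plaintext.toString("utf8"));
  } finally {
    plaintext.fill(0); // best effort: wipe the decrypted buffer
  }
}

// Check of the front-end's position: decryption with the public key must fail.
function frontendCanDecrypt(publicKeyPem, storedValue) {
  try {
    nodeCrypto.privateDecrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(storedValue, "base64"));
    return true;
  } catch {
    return false;
  }
}
```

With this padding a 2048-bit key can encrypt at most 190 bytes directly, so longer credentials would need a hybrid scheme (a random symmetric key wrapped with RSA).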
We will never submit your data to a third party (except where required by law). Affiliboard, as a service operated in Germany, is subject to German data privacy law (“BDSG”).