diff options
| author | doc <doc@filenotfound.org> | 2025-06-30 20:06:28 +0000 |
|---|---|---|
| committer | doc <doc@filenotfound.org> | 2025-06-30 20:06:28 +0000 |
| commit | 717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf (patch) | |
| tree | 7cbd6a8d5046409a82b22d34b01aac93b3e24818 /genesishosting/security/security-encryption-standards.md | |
| parent | 8368ff389ec596dee6212ebeb85e01c638364fb3 (diff) | |
Diffstat (limited to 'genesishosting/security/security-encryption-standards.md')
| -rw-r--r-- | genesishosting/security/security-encryption-standards.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/genesishosting/security/security-encryption-standards.md b/genesishosting/security/security-encryption-standards.md new file mode 100644 index 0000000..6d9139c --- /dev/null +++ b/genesishosting/security/security-encryption-standards.md @@ -0,0 +1,23 @@ +# Encryption Standards + +Encryption is applied to all data in transit and at rest across Genesis Hosting Technologies infrastructure. + +## In Transit + +- HTTPS via TLS 1.3 (minimum TLS 1.2 for legacy fallback) +- SFTP for all file transfers +- SSH for all administrative access +- rclone with TLS for object storage replication + +## At Rest + +- ZFS encryption on backup pools +- PostgreSQL encryption at the database or filesystem level +- WHMCS and DirectAdmin credentials hashed and salted +- Backups encrypted with AES-256 before remote transfer + +## Key Management + +- SSH keys rotated every 6 months +- Let's Encrypt certs auto-renew every 90 days +- Master encryption keys stored offline and version-controlled |