
About Security and Technology

[Warning: The following is geek stuff. If you are a fundraising civilian and attempt to decipher it, you may be awakened tomorrow morning by the cleaning service with your face sunk into your keyboard. VirtualGiving accepts no responsibility for damages thus incurred.]

Internet Security for Your Planned Giving Website

At VirtualGiving, we pride ourselves on our ability to stay ahead of the technology of the World Wide Web. The ongoing evolution of the internet keeps opening doors to more prospects and increased gift totals. VirtualGiving has created the tools that can help you take advantage of those opportunities. Our team of experts specializes in PHP (Hypertext Preprocessor), MySQL (open source back-end database), ActionScript for Macromedia Flash™, HTML, JavaScript, and CSS (Cross-Browser Cascading Style Sheets), plus graphic design and editing utilizing Adobe Photoshop™ and Macromedia Fireworks™. This technical skill, combined with our extensive knowledge of planned giving marketing and solicitation, gives us the edge in creating the specialized, interactive, high-quality websites that you need.

VirtualGiving utilizes Urchin™ to allow you to see activity on your site. Urchin™, recently acquired by Google, is the leader in web statistics and tracking. Its presence on our sites gives you virtually unlimited tracking capabilities.

We are always vigilant about the potential of hackers trying to disable, infect, and generally cause havoc on your website. We secure the hosting servers with IP-Structured security, spam software, and antivirus software that runs locally on our server.

The most engaging planned giving website is useless if it’s "down." Our multi-tiered hardware structure allows us to maintain 99.9% uptime. If a software error occurs, our structured backup allows us to be up and running again in less than one hour. We run a differential backup daily and a full backup once a week. We also duplicate our structure nightly to another server to help ensure that we never lose one item change or configuration update.

What is the technology?

PHP (Hypertext Preprocessor):

PHP is a widely used open source scripting technology that is especially suited for Web development and can be embedded into HTML pages. This technology allows us to create interactive, database-backed sites, implement security, and provide variable data to your pages.

PHP is not like programming in Perl or C. It gives you the ability to write an HTML script with some embedded code to output values (like text, numbers, etc.), unlike Perl or C, which require writing a program with lots of commands to output HTML. This means pages load faster.

The main use of PHP is server-side scripting. Unlike client-side JavaScript, PHP is executed on the server. If we created a script to output information on your page, the client would see the results but have no way to determine the underlying code. This allows us to control which data may be viewed and which must stay private.

Command line scripting: we can make a PHP script run without any server or browser. We only need the PHP parser to use it this way. This type of usage is ideal for scripts regularly executed using cron (on *nix or Linux) or Task Scheduler (on Windows). These scripts can also be used for simple text processing tasks and database optimizations.

MySQL (database):

MySQL ("My-S-Q-L") is a multithreaded, multi-user, SQL (Structured Query Language) relational database server. MySQL is popular for web applications and acts as the database component for a set of free software programs commonly used together to run dynamic Web sites. PHP is used to interact with the MySQL database and HTML output.

ActionScript (Macromedia FlashTM):

ActionScript is an ECMAScript-based programming language used for scripting Macromedia Flash movies and applications. Since both ActionScript and JavaScript are based on the same ECMAScript syntax, fluency in one, in theory, easily translates to the other. However, while JavaScript’s DOM is browser window, document and form centric, the ActionScript DOM is movie centric, which may include animations, audio, text and event handling.

Virtual Giving creates interactive surveys, presentations, and pages that use Macromedia Flash™. ActionScript gives us the ability to handle HTML form-like presentations and XML interaction.

JavaScript:

JavaScript is a scripting language that has evolved since version 3.0 of Internet Explorer and Netscape Navigator. The scripts are programs that allow a web page to be interactive, operate the controls of a browser, and create functionality on the client side. Examples include adding sounds to a particular button, changing colors of a page on the fly, and ensuring that all required fields in a form are correct and accurate. It also allows us to test the client’s browser and ensure that our other scripts and layouts work properly. If it finds that the client’s version of the browser does not have the ability to do a certain function, it runs another small program that will work.

Cross-browser Cascading Style Sheets:

Cascading Style Sheets (CSS) is the HTML method for controlling visual presentation on web pages. It is a simple styling language which allows attaching style to HTML elements. Every element type, as well as every occurrence of a specific element within that type, can be given a unique style, e.g. margins, positioning, color or size.

Our Server Setup for Security

First, our infrastructure.

Security goes all the way to the hardware structure. The data center includes traditional locks and is secured by biometric surveillance systems. HVAC, fire suppression, and hot-swappable servers and routers form the baseline that secures our web sites. The backbone of our sites is a 100% Cisco Powered Network. Cisco routers ensure maximum security protection.

Firewalls are managed by security specialists and deployed in a ’private IP’ space; the actual web server is segregated in a virtual LAN (VLAN). Server security also features OS lockdowns and centralized authentication. We deactivated unused features on our Linux, Apache, mail, DNS, FTP and streaming media programs to help secure our servers.

Plesk Antivirus:

  • Over 100,000 virus definitions in the database (compared to 20,000+ for ClamAV)
  • High performance - Plesk Antivirus is designed to handle massive volumes of email messages without any delay in mail delivery - Dr.Web handles over 10 million mailboxes for one of the largest portals in Europe
  • Mature - Dr.Web Antivirus has been protecting users since 1990 and currently is protecting over 50 million mailboxes and end-users
  • Superior response time for new viruses (multiple updates per hour when necessary)
  • Heuristic virus analyzing engine able to detect new viruses not yet having signatures in the database
  • Both heuristic and signature based virus detection
  • Options to repair, rename, or delete infected files
  • Virus scan archives (.zip, .rar, .gz, .tar, etc)
  • Auto-updates of virus database
  • Special False notification Prevention mechanism and ability to notify administrators about infected or suspicious messages or files
  • Full log of scan activity
  • Filtering of incoming mail based on the headers of the messages
  • Command-line scanner

Watchdog Monitoring:

This monitoring feature allows us to keep track of what is going on with our server. Is MySQL running properly? Is the Apache Server running? This tool allows us to stay ahead of any concerns that may occur and keep track of what our server is up to.

SpamAssassin:

SpamAssassin is a module to identify spam using several methods including text analysis, internet-based real-time blacklists, statistical analysis, and internet-based hashing algorithms.

Using its rule base, it runs a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited bulk email. Once identified as spam, the mail can then be tagged as spam for later filtering using the user’s own mail user agent application or at the mail transfer agent.

Server and Location Standards

Physical Security
  • Restricted access to facility
  • 24/7 security service at facility
  • Redundant power supplies
  • Fire suppression system (non-water based)
  • Hardened structure
  • Media and servers are secured and off limits to all but authorized personnel
Server Configuration
  • All unnecessary services (typically anything but HTTP, SSL and Secure FTP) are disabled
  • Firewall is configured on a "deny all" model, blocking all incoming traffic except traffic specifically permitted
  • All unnecessary HTTP methods are disabled
  • OS and server versions are tested and patched to the most recent stable version
  • Unused dynamic services (e.g. FrontPage DLLs) are not present
  • Directory browsing is disabled
  • Password lists are not accessible to external users
Software Configuration
  • Administration tools are configured and secured behind encrypted passwords
  • Unnecessary applications are either disabled or removed
  • Dynamic pages are not vulnerable to "URL injection" (i.e. changing numbers in IDs in URLs to access unauthorized accounts)
  • Forms do not allow characters and strings that could be used to perform buffer overflows
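
One way to implement the last two checks (tampered IDs in URLs and unexpected form input), as an added example that is not VirtualGiving's code. The `gifts` table, its columns and the function `fetchGiftForUser` are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed sample data: two donors with one record each.
// SQLite in memory is a stand-in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gifts (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, note TEXT NOT NULL)');
$db->exec("INSERT INTO gifts (id, owner_id, note) VALUES (101, 1, 'Bequest, donor 1'), (102, 2, 'Annuity, donor 2')");

/**
 * Return the record only if it belongs to the logged-in user.
 * $rawId is the untrusted value taken from the URL, e.g. ?id=101.
 */
function fetchGiftForUser(PDO $db, int $sessionUserId, string $rawId): ?array
{
    // 1. Input validation: bounded length first, then a strict integer check.
    if (strlen($rawId) > 10) {
        return null;
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Authorization inside the query: the owner comes from the
    //    server-side session, never from the request. Bound parameters
    //    keep the value out of the SQL text.
    $stmt = $db->prepare('SELECT id, note FROM gifts WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same result for "no such record" and "not yours", so IDs cannot be probed.
    return $row === false ? null : $row;
}

// Donor 1 is logged in (a real page would read this from $_SESSION).
// Cases: own record, another donor's ID, non-numeric input, oversized input.
$cases = ['101', '102', '10x', str_repeat('9', 5000)];
foreach ($cases as $rawId) {
    $row = fetchGiftForUser($db, 1, $rawId);
    printf("%-12s => %s\n", substr($rawId, 0, 12), $row === null ? 'denied' : $row['note']);
}
```

Only the first case returns a record; changing the number to another donor's ID is refused by the `owner_id` condition, not by hiding the ID.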
Policies and Procedures
  • Proactive intrusion detection
  • Proactive software upgrading policy
  • Continuous monitoring of site to ensure availability and performance
  • Detailed service level and uptime guarantees
  • Dedicated account manager available to configure site and answer questions
  • Customer service representatives alert to "social engineering" attempts (e.g. attempts to request password resets by impersonating authorized personnel)

© 2009 Virtual Giving, Inc | 1288 Valley Forge Road, Building 82, Phoenixville, PA 19460 | Toll-Free: 1 (800) 490-7090 | Terms of Use