KYNGIN Security
The following items are general-purpose security cases for the whole KYNGIN hosting stack. Please see each individual facility's security page for additional details.
-
KYNGIN is a self-hosted management platform located in the Chicagoland region. We own and operate the facility; we do not colocate. We do not use third parties to host any client data aside from our 3rd and 4th DNS servers (NS3 and NS4). DNS is public record and doesn't contain any private information by design. We use third parties only for DNS service redundancy. The remaining services are here on-premises at our facility. Reducing the number of third parties that have access to your data reduces the attack surface considerably.
-
KYNGIN stores most data encrypted at rest (see the security sections of each facility for details), and chooses to use encryption in transit wherever possible.
-
KYNGIN firewall rules proactively block IP addresses when we detect malicious actors attacking any services across the entire KYNGIN fleet.
-
KYNGIN network providers operate a highly resilient DDoS mitigation network for stopping real-time DDoS waves at the edge before they ever hit our servers.
-
KYNGIN operates high-performance package builders which allow us to quickly distribute essential package updates days before official repositories include them.
-
Scheduled upgrades: Systems are proactively scheduled for upgrades. We work with each client to make sure their systems are upgraded in a timely manner on a regular basis.
- For MX, Storage, and DNS facilities, these upgrades are performed automatically and proactively. We notify clients when upgrade events may cause an outage.
- For Web & DB, we work with clients to have a scheduled upgrade day of the week. On this day, we perform these upgrades during evening hours as organized.
- For Mercury Nodes, the customer is required to perform all updates unless we maintain these nodes for the client, in which case we will schedule upgrades with them proactively.
-
For Core Security Updates (Kernel / OS) that require server or service restarts: Automation is applied which allows large-scale distribution of package sets across the fleet. Automation is deployed quickly and efficiently during low-load hours. In the event these updates could cause outages, we notify clients of these events.
-
All KYNGIN servers operate using internal (non-public) time servers, which use dozens of upstream providers to guarantee consistency.
- (note: we now have public variants of these servers available)
-
All KYNGIN nodes operate using internal (non-public) DNS resolver servers that do not rely upon upstream providers.
- (note: we now have public variants of these servers available)