Plaxo is committed to handling customer information with the highest standards. To enable the trusted exchange of personal information, we've implemented the following industry-proven physical, electronic, and procedural safeguards:
- We protect our network with a secure firewall system. Plaxo's network can only be accessed through ports 80 (HTTP), 443 (Secure HTTP) and 25 (SMTP). All other ports are filtered.
- We employ an Intrusion Detection System (IDS) that constantly monitors all activity in the Plaxo network. The IDS collects network traffic information, which is analyzed by Symantec. This allows the real-time detection of exploits, denial-of-service attacks, port scans, etc. We are immediately notified if any suspicious activity takes place.
- We have implemented a Mandatory Access Control system to manage access to all server resources. This goes beyond the traditional user/group-based access control offered by most operating systems.
- We use a single point of access to the secure server network. Access requires certificate-based authentication via Secure Shell (SSH) and is limited to a select group of employees. The server machines are on their own private network, isolated from outside connections, with the exception of the administration host, which requires certificate-based authentication.
- We install a custom "hardened Linux kernel" that has been reduced to the minimum subset necessary to run our service, effectively removing many exploits and potential compromises.
- We use SSL to encrypt our proprietary protocol for client/server communications.
- We validate all e-mail addresses of users who join the Service.
- We encrypt all passwords stored in our database. We do not send passwords or requests for passwords through e-mail.
- We strip attachments from all Plaxo e-mails in order to prevent viruses from being transmitted through our system.
- We expire all Web sessions.
- We maintain and selectively review activity logs to prevent unauthorized activities from occurring within our computer environment.
- We control access to customer information inside our company by limiting employee access to systems and data based on business requirements.
- We test our security systems regularly and periodically contract outside companies to audit our security systems and processes.





