Security Policy & Mechanisms

Our site has security measures in place to help protect against the loss, misuse, and alteration of the Data under our control. When our Site is accessed using Mozilla Firefox 3+, Safari 3+, Opera 6+ or MS Internet Explorer 5+, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that Data is safe, secure, and available only to you. iAmmo.com also implements advanced security methods based on dynamic data and encoded session keys, and hosts the Site in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Finally, iAmmo.com provides unique user names and passwords that must be entered whenever a customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.

Security Details

• User Account Data Encryption
  
  All user account data and login information is stored via one-way hash & salted encryption at the record level. As a result, passwords are unrecoverable by system administrators and data cannot be recovered without the proper password by anyone. Minimal password length, special characters, numbers and upper/lower case letters for passwords are enforced for both users and administrators.

• Mandatory Account Login & Password
  
  Orders cannot be place on iAmmo.com without a user account login. This is solely to protect user personal information. Each password owner is responsible for keeping their password secret and confidential, and for notifying us if their password may have been stolen or compromised.

• Time Limits
  
  Site visits are limited to a length of no more than 20 minutes from the last page load (on a sliding time scale). Accounts are automatically logged off and session reset after that time period. This is to prevent opportunistic attacks at public terminals, WiFi connections, and man-in-the-middle attacks.

• Site To eMail Server Encryption
  
  All iAmmo.com's site-to-Email server transfers are sent internally using secure email protocols via SSL with 256bit (or greater) encryption scheme.

• Site To Site Data Transfers & Back Ups Encrypted Transfers
  
  All iAmmo.com's site-to-site and server-to-server data transfers including backups are encrypted with 1024bit (or greater) encryption utilizing FTPS (FTP/SSL) technologies.

• Database Script Injection Protection
  
  iAmmo.com has built-in parameter validation & authentication for forms, querystrings, cookies, session variables, and any webcontrols or webservices, both front facing and in protected areas of the Site. If, in the unlikely event, script injection counter-measures are compromised, all user account data and system login data is one-way hash/salted encrypted on the database, rendering such information useless to the attacker.

• JavaScript Injection Protection
  
  iAmmo.com has built-in counter measures to prevent the introduction of unauthorized, external scripts into pages on the website.

• Anti Spoofing Precautions
  
  iAmmo.com has built in systems to ensure authenticity and will issue periodic eMails if/when phishing attempts are made. iAmmo.com will NEVER ask for personal information via email and NEVER send an email with direct links to an account login page or any page requiring such information. All email deliveries are key coded to prevent email backdoor attacks, spoofing and SPAM.

• Compiled Website Code
  
  Unlike most websites on the Internet, iAmmo.com utilizes 100% 64bit compiled code. Scripted languages (e.g. PHP, Perl, Classic ASP, etc.) are more vulnerable to attacks than compiled code (e.g. Java, DotNet, etc.). JavaScript is never used to authenticate users and only used to save server time by pre-validating data before that data is again re-validated on the server (i.e. security cannot be compromised via client side re-scripting).

• Hack Attempt Logging & Reporting
  
  All websites are vulnerable to attack either by malicious users or Net-Bots. All breaching attempts are logged, countered, and if necessary, reported to authorities.

• eMail Server Protection
  
  iAmmo.com's mail servers proactively remove viruses/spyware/SPAM and similar attacks both inbound and outbound, not publicly available and privately owned.

• Dedicated, Non-Shared, Private Servers
  
  iAmmo.com's website, database and support software is hosted on dedicated, secure servers and is not shared with any website or database not owned by NetBallistics, LLC.

• Secure Data Center Server Hosting
  
  Net Ballistic, LLC's dedicated servers are exclusively located in a secure, monitored data center on 5 redundant WAN links.

• Active Firewall Protection
  
  Our servers are protected by both hardware and software firewalls utilizing state-of-the-art technology.

• 256-bit SSL Encryption
  
  iAmmo.com utilizes full 256-bit Secure Socket Layer (SSL) encryption with certificates provided by Register.com, one of the most trusted and experienced registrars on the Internet.

• In House Security
  
  While we use SSL encryption and user passwords to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to sensitive or personally identifiable information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices.

Changes To Our Security Policy & Mechanisms

If our security policy & mechanisms change, these changes will be posted here and date of modification posted below.

This policy was last modified on January 24th, 2010