Security Policy

DBX global crypto network electronic trade and software

Information security measures used in working with tools and services

Ensuring information security when working with clients at is a top priority when building technological schemes and contractual relations.

The applied information security measures imply continuous improvement by adding and refining new tools to protect information and work with it, improving the audit procedure and reducing the “attack surface” in its own infrastructure.

Actions to protect clients’ information and clients’ work at are manifested in the implementation of the following complex procedures:

  1. Protection of users’ accounts and traffic

Some of the following security measures are enabled by default, while other clients working in may connect by themselves, depending on the desired degree of protection.

  • two-factor authentication (2FA)

An additional level of account protection and the most important operations in it, such as authorization, API key generation and money withdrawal. Two- factor authentication can be configured with Google Authenticator for a two- step authentication using Google’s Time-based one-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), or by using e-mail to obtain an authorization verification code.

  • using HTTPS protocol

HTTPS protocol, working through the encrypted transport mechanism TLS 1.2 provides protection against attacks based on listening to the network connection.

  • advanced test instruments to control the integrity of the account

Authorization data is stored and checked for suspicious activity. The intelligent system keeps track of IP address changes to prevent a work session from being compromised. Notifications are sent by email with reports about the authorization and a reference to the quick freezing of the account if malicious activity.

  • restriction on access to the account by IP-address, protection during money withdrawal

The security system monitors the withdrawal of funds by IP-address and other regularities in the user’s behavior and initiates a manual check for suspicious output operations by the administrator. The procedure of withdrawal confirmation is resistant to malicious modules in the browser.

The white list of addresses allows you to prevent the withdrawal of funds to third party resources.

System Security

The latest Linux systems are used to host the platform. All the servers use patch management system, continuously verify the system and application software against databases of vulnerabilities, including a database of threats to information security FSTEC, so the servers are protected by the most current software and best practices of computer security.

  1. Automatic database backup on a daily basisOnce a day, a backup copy of the trading platform database is created, after which it is encrypted and placed in the archive.
  2. Automatic duplication of backup dataThe backup created (database, log files, etc.) is immediately sent to multiple physical servers that are remote from each other.