(site) is on its own instance Nginx, PHP5-‐FPM are installed -‐ no addiQonal services run on the box Port 80 and 443 are exposed by Amazon security group, all other ports are blocked to the public Internet. Security cerQficate installaQon uses custom Diffie-‐Hellmen and receives an A+ raQng on ssllabs.com SSH login restricted to Brightsource network and is by cerQficate only. Fail2Ban is installed CerQficate is not shared outside of our team.