stockNum Systems provides law enforcement agencies with unique technological solutions to their everyday problems at a price that is easily affordable.









Police.Link

Officers will be able to safely and quickly return even the most detailed description of an officers point of contact to their dispatch center within seconds, providing the unit's GPS coordinates as well as the vehicles year, make, model, and color.

Without the hassle of alphanumeric decoding over the radio, collecting a vehicle's identifying factors is as simple as snap and shoot.

Additional details on Police.Link mobile services for law enforcement.






Security Built In The Core

SSL/TLS (https) Traffic Everywhere

Our entire network uses secure https traffic to encrypt and verify all traffic coming in and out of our network; internal servers also use HTTP Public Key Pinning (HPKP) to only trust certificates that are preauthorized, preventing man-in-the-middle attacks against our network.



PHP WAF Blocking

Many common hacking vectors for PHP based systems are well known on the internet and are utilized by script kiddies to probe a network for vulnerabilities. Because our system does not use PHP, we automatically block any IP address requesting PHP files. This serves to block whole ranges of IP addresses of known attackers before they even have the opportunity to probe our network.



Multi-layered DDoS Protection

Our first line of defense is Cloudflare, and we benefit from their network size and traffic variability for data analysis. By protecting over 6M customer websites, Cloudflare has insight into emerging, global threats. As a result, Cloudflare’s DDoS protections and Web Application Firewall proactively defend our network from attacks. Cloudflare’s scale from its 116+ data centers, combined with the Anycast network, enables Cloudflare to resist even the most massive distributed attacks.

Once traffic leaves Cloudflare’s network and is routed to our local data centers, we are further protected from DDoS by Rackspace DDoS mitigation services.



VPN Access to Protected Environments

Protected aspects of our network such as SSH, sFTP, and others are fully locked down to allow only VPN credentialed users to access these services. Additionally, with limited access control and variable security credentials, only authorized personnel for authorized purposes can access restricted data and environments. If credentials were ever compromised, they have highly restricted access, and any attempt to use them outside these restrictions trips our intrusion detection system (IDS).



Isolated Database Credentials

Similar to how we restrict which personnel can access protected environments within our network, we also restrict access to our databases only to our DMZ Private API Servers. Credentials used to access the databases that store secured personally identifiable information (facial recognition database, criminal history, etc.) are isolated in these servers that have no outside internet access and only respond to a highly restricted list of commands from specific public facing web-servers over a protected local NAT.



Encryption At Rest

Not only do we encrypt all traffic going in and out of our network; we also store all data in our databases and datastores fully encrypted while at rest.



No Public Access

None of our protected data is publically available on the internet. For example, all of our arrest photos, revenge photos, and cyberbullying photos are stored encrypted within our secure network. Whenever an authorized person needs access to a specific photograph, the picture is decrypted and returned to the password protected web environment in BASE64 MIME encoding without ever disclosing a URL path to said photograph making it impossible to "share a link" to a photo.