Firewalls & Unified Threat Management (UTM) Devices

Unified Threat Management (UTM) Device

Access Control Lists (ACLs)
Used to block or allow ports, or port and IP combinations known as sockets. For example, port 25 is often blocked because it is unencrypted and can be used for unauthorized email relaying. All incoming traffic is generally blocked, which is referred to as a deny any any statement. Then, as services are deployed, ports are opened for those services and are only allowed to the host that is making those services available. Only servers will have ports opened, and only the ports that are in use by the corresponding applications. Some common ports are 21 FTP, 22 SSH, 25 SMTP, 53 DNS, 80 HTTP, 110 POP3, 143 IMAP and 443 HTTPS.
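The default-deny model described above, as an added example that is not taken from any vendor's firewall: rules are checked in order, anything unmatched falls through to deny any any, and an audit flags allow rules that are not pinned to a single host and port. The rule format, function names and the 192.0.2.0/24 addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    dst: str               # destination host or network in CIDR form
    port: Optional[int]    # None matches every port

# Constructed ruleset: a web server at 192.0.2.10 plus one overly broad SSH rule.
RULES = [
    Rule("allow", "192.0.2.10/32", 443),
    Rule("allow", "192.0.2.10/32", 80),
    Rule("allow", "192.0.2.0/24", 22),   # opens SSH to every host on the subnet
]

def evaluate(rules, dst_ip, port):
    """First matching rule wins; no match means the implicit deny any any."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.dst) and rule.port in (None, port):
            return rule.action
    return "deny"

def audit(rules):
    """Flag allow rules wider than 'one port to the one host offering it'."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        if ipaddress.ip_network(rule.dst).num_addresses > 1:
            findings.append((index, "allows a whole network, not a single host"))
        if rule.port is None:
            findings.append((index, "allows every port"))
    return findings

if __name__ == "__main__":
    print(evaluate(RULES, "192.0.2.10", 443))   # opened service on the server
    print(evaluate(RULES, "192.0.2.10", 25))    # no rule for SMTP: implicit deny
    print(audit(RULES))
```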

Web Content Filtering
Blocks websites or groups of sites based on URL or on categories such as adult, shopping, video streaming, social media and more. This can keep your employees focused on their work and not the many distractions on the internet. It can also block bandwidth-hogging sites such as the video streaming services Netflix and YouTube. Of course, we can provide an override code to circumvent the filter, or exempt certain PCs or groups of PCs from the filtering. We can even create different filtering lists for particular departments or individual persons.

Quality of Service (QoS)
Assigns bandwidth caps or reserves to specific traffic types so that even during times of high utilization those traffic types still function normally. An example is reserving bandwidth for VoIP traffic and capping the amount of bandwidth used for video streaming, so that if several users are streaming video there is still enough available bandwidth to avoid degrading telephone call quality. Most commonly used in conjunction with traffic shaping.

Traffic Shaping
Prioritizes certain traffic types over others. For example, VoIP would be the highest priority because it requires very little bandwidth, but when it has insufficient bandwidth the call quality is ruined, becoming choppy or echoing. If the system receives VoIP traffic and YouTube traffic at the same time, the VoIP traffic will take priority and go ahead of the YouTube traffic. Most commonly used in conjunction with QoS.

Deep Packet Inspection (DPI)
An advanced method of examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes or blocks packets with specific data or code payloads that conventional packet filtering, which examines only packet headers, cannot detect.

Intrusion Detection Prevention (IDP)
Looks for signature patterns of malicious traffic then automatically blocks the IP address of the detected attacker(s) for a predetermined amount of time based on the type of offense.

Unified Threat Management (UTM)
Unified threat management is an approach to information security where a single hardware or software installation provides multiple security functions. This contrasts with the traditional method of having point solutions for each security function, such as VPNs, QoS, DPI, application firewall, IDS/IDP, content filtering, traffic shaping, logging, routing, ACLs, Two Factor Authentication (2FA), network layer virus filtering and an access point controller for mesh WiFi deployments.

Next Generation Firewall (NGFW)
Another form of UTM incorporating traditional firewall functionality in addition to content filtering, application firewall, IDS/IDP and DPI.

Network Layer Virus Detection & Removal
Detects and removes most viruses, malware, spyware, ransomware, Trojans, worms & rootkits. Operates at the network layer, before the traffic reaches the intended PC or server. Logs all detections and notifies us of them so we can take preemptive measures.

Virtual Private Networks (VPNs)
Explained in further detail at the bottom of this page.

Common Manufacturers
UTM and firewall software or hardware devices, including Barracuda, Brocade, Check Point, Cisco, Dell Sonicwall, Fortinet, HP, Meraki, Netgear, Palo Alto, pfSense, Juniper, Sophos, WatchGuard, Ubiquiti, Zyxel & more.

Two Factor Authentication (2FA)

Logging in with two factor authentication requires the standard username and password combination, plus a randomly generated number that changes every 60 seconds and can be delivered to the user via text, email, smart phone application or key fob. Without all three you will be unable to log in, making it very difficult for hackers to gain access to your sensitive data even if they are able to obtain your username and password.

Viruses, Ransomware, Cryptolocker, Malware, Spyware, Adware, Trojans, Worms & Rootkit Removal

Virus Malware Adware Spyware Ransomware Trojan Worm Removal & Protection

Viruses can be devastating to businesses large or small, especially ransomware, which encrypts all your files, making them inaccessible, and demands a payment in cryptocurrency for the key to unlock them. We maintain a 99% success rate for removal and recovery of infected files. Protecting against attacks like this requires a layered defense, including employee training. The first layer of defense is a unified threat management (UTM) device. This acts as a firewall, blocking ports and not allowing connections from outside the office. It also scans all incoming files for virus signatures before they reach the intended target. Next is content filtering, which blocks malicious and questionable websites. Intrusion detection prevention (IDP) looks for attack signatures and automatically blocks whatever it deems to be an attack. Next is segmentation, which keeps unwanted software from spreading across the network by blocking communications in one department from reaching the next, containing the outbreak. The next layer is managed antivirus software installed on each device; managed means all detections are reported immediately so action can be taken quickly. Then comes a virus, spam and spear phishing detection and removal solution for the email server. All removable media devices and ports are disabled to keep users from inserting infected media into their computers. Lastly, there is solid employee training on what they should and shouldn’t be clicking on or installing on their PCs, which is nothing that isn’t work related or approved by an administrator, and if you’re not sure, ask first.

HIPAA Compliance

HIPAA Compliance Certification

HIPAA became law in 1996 and has continued to grow in both scope and enforcement over time. At its core, HIPAA was used to create a regulatory structure that would safeguard the handling, storage, and transmission of patient health information. A second central objective of HIPAA was to empower patients with greater control over their health information and medical records by allowing them to request their medical records and requiring covered entities to comply with those requests. Additionally, HIPAA ensured that patient health information was portable, such as when a person moved between employer-provided health plans during a job or career change. Over time, the language, scope, and requirements set forth in HIPAA have expanded to incorporate technologies and the risk they bring to patient data security.

Benefits of Compliance
Patient Trust
Proactive Data Protection
Ongoing Profitability
State & Federal Law Compliance
Avoidance of Fines & Lawsuits
Peace of Mind

Ways Compliance is Achieved
Security Audits
Penetration Testing
Real Time Monitoring
Training & Enforcement of Policies & Procedures
Logging w/ Retention Policy
Access Control Lists (ACLs)
Next Generation Firewalls (NGFWs) & Unified Threat Management (UTM)
Intrusion Detection Sensing & Prevention (IDS/IDP)
Disable all removable storage media on machines that access sensitive data

PCI/DSS Compliance

PCI / DSS Compliance Certification

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. It is very important on eCommerce platforms for protecting credit card transactions.

Penetration Testing & Security Auditing

Using specialized tools and software, we run simulated attacks, probing the network and systems for weaknesses and vulnerabilities. We then compile a list of everything we discovered and patch or close off those vulnerabilities. We recommend doing this at least every six months to be sure nothing has slipped through the cracks. No level of security is infallible, especially against what are known as zero days: exploits that haven’t been discovered yet and thus can’t be blocked or detected until brought to the attention of the security community. The only way to detect a zero day before it goes public is intensive real-time monitoring of suspicious network traffic. Obviously, you won’t find what you’re not looking for. The next generation of security devices will utilize AI to analyze the traffic and look for anomalies, which it then brings to the attention of the administrator.

Employee & User Monitoring

Employee & User System Usage Monitoring

Have an employee or user on your network who is acting suspiciously? We can monitor their activity in real time or analyze it later using logs. This can be aimed at a single person, department, location, port or everything and everyone. We can detect anything from illegal activity to theft of intellectual property (IP), inappropriate behavior, or activities prohibited while on the clock, like shopping or social media usage.

Encryption

Encryption Explained

Encryption is a process that encodes a message or file so that it can only be read by certain people. Encryption uses an algorithm to scramble, or encrypt, data and then uses a key for the receiving party to unscramble, or decrypt, the information. … In its encrypted, unreadable form it is referred to as ciphertext. Utilizing a cipher with a higher number of bits increases the number of possibilities, making the code harder to crack by guessing, which is referred to as brute force.

File & Disk Encryption

The process of encrypting files or entire hard drives using a key that only the person who encrypted the files possesses, keeping them safe from being accessed by individuals who do not have the key. Unfortunately, encrypting and then decrypting files to make them usable again does have a negative performance impact, especially when using whole disk encryption. Fortunately, there are products specifically designed to speed up this process.

Secure Sockets Layer (SSL)

SSL is a security protocol that creates an encrypted connection between a computer and a web server. Basically, it’s a series of steps that the browser and the server agree upon to set up the encrypted connection. They do this by exchanging an SSL certificate, using a private and public key, signed by a trusted signing authority. This has become so important that Google will actually lower the rank of websites not utilizing an up-to-date, properly signed SSL certificate. SSL can also be used to encrypt email, VPN, SSH and FTP connections.

Transport Layer Security (TLS)

TLS is the latest and greatest in email encryption and should be used whenever possible. It performs a function very similar to what SSL does for email, just utilizing the latest security technology.

Quantum Encryption

Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best known example of quantum cryptography is quantum key distribution which offers an information-theoretically secure solution to the key exchange problem.

Virtual Private Networking (VPN)

Virtual Private Network (VPN) Diagram

By using a VPN device or software, you can connect two or more networks together through the internet via an encrypted tunnel, making the connected networks act as one and securely sharing resources on either side of the VPN. A VPN also allows one side to act as a default gateway, allowing the other side to route its internet connection through that default gateway, obscuring its location and anonymizing its internet traffic. VPNs are now also being used to secure traffic as it traverses a local area network (LAN).

Site to Site VPN
A site to site VPN uses encryption to virtually connect two networks at different locations over the internet, so they act as one large network from a user’s point of view, and users are able to access resources at either location as if they were local. With a site to site VPN, the connection is initiated and maintained at the network layer, so the user doesn’t need to perform any action to connect. In most scenarios there is a main office or data center that all the branch offices connect to, and this is where all the data and infrastructure is stored. We utilize a site to site VPN in almost all of our cloud and data center deployments.

Software VPN
Uses software installed on the client computer that connects, using encryption over the internet, to a VPN device usually located at the main office or data center. No hardware is required on the client end, and it is an easy way to connect to the office remotely. Generally the connection is initiated by the user. It can be set to connect automatically, but this is not preferred unless the device is only used for work.