Network & Systems Cybersecurity

Cybersecurity
Next Generation Firewalls & Unified Threat Management (UTM) Devices

Unified Threat Management (UTM) Device
Access Control Lists (ACLs):
Access control lists are used to either block or allow port(s), or port and IP combinations known as sockets. For example, port 25 is often blocked because it is unencrypted and can be used for unauthorized email relaying. All incoming traffic is generally blocked by default (referred to as a "deny any any" statement); then, as services are deployed, ports are opened for those services, and only to the host that is making those services available. Only servers will have port(s) opened, and only the ports that are in use by the corresponding applications. Some common ports are 21 FTP, 22 SSH, 25 SMTP, 53 DNS, 80 HTTP, 110 POP3, 143 IMAP and 443 HTTPS.
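The "deny any any" default and the open-only-to-the-serving-host policy described above, as an added example (not code from the page or from any of the vendors listed below): a first-match ACL evaluator where anything no rule permits falls through to the implicit deny. The rules, addresses (documentation ranges) and hosts are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed example: a first-match ACL ending in an implicit "deny any any".
# Each rule names an action, a destination network (None = any host) and a
# destination port (None = any port). Rule order matters: the first match wins,
# so a later "permit" for port 25 would never be reached behind the deny below.

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    dst_net: Optional[str]      # CIDR string, None = any host
    dst_port: Optional[int]     # TCP/UDP port, None = any port

    def matches(self, dst_ip: str, port: int) -> bool:
        if self.dst_port is not None and self.dst_port != port:
            return False
        if self.dst_net is not None:
            return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
        return True

def evaluate(acl: List[Rule], dst_ip: str, port: int) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for rule in acl:
        if rule.matches(dst_ip, port):
            return rule.action
    return "deny"   # the implicit "deny any any" at the end of every ACL

def audit(acl: List[Rule], attempts) -> dict:
    """Evaluate a batch of (dst_ip, port) sockets, e.g. from a firewall test plan."""
    return {(ip, port): evaluate(acl, ip, port) for ip, port in attempts}

# Constructed policy: SMTP relaying on port 25 is refused for every host, the
# web server exposes only 80/443 and the mail server only IMAP on 143.
ACL = [
    Rule("deny",   None,              25),
    Rule("permit", "203.0.113.10/32", 443),
    Rule("permit", "203.0.113.10/32", 80),
    Rule("permit", "203.0.113.20/32", 143),
]

if __name__ == "__main__":
    plan = [("203.0.113.10", 443), ("203.0.113.20", 443), ("203.0.113.20", 25), ("203.0.113.10", 22)]
    for socket, decision in audit(ACL, plan).items():
        print(socket, decision)
```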
Web Content Filtering:
Web content filtering blocks websites or groups of sites based on URL address or categories such as adult, shopping, video streaming, social media, and more. This can keep your employees focused on their work and not the many distractions on the internet. It also allows blocking bandwidth-hogging sites such as video streaming services like Netflix and YouTube. Of course, we can provide an override code to circumvent the filter, or allow certain PCs or groups of PCs to be excluded from the filtering. We can even create different filtering lists for particular departments or individual persons.
Quality of Service (QoS):
Assigns bandwidth caps or reserves to specific traffic types so that even during times of high utilization those traffic types still function normally. For example, reserving bandwidth for VoIP traffic and capping the amount of bandwidth used for video streaming: if several users are streaming video there is still enough available bandwidth that telephone call quality is not degraded. Most commonly used in conjunction with traffic shaping.
Traffic Shaping:
Traffic shaping prioritizes certain traffic types over others; for example, VoIP would be the highest priority because it requires very little bandwidth, yet when it has insufficient bandwidth the call quality is ruined, becoming choppy or echoing. If the system receives VoIP traffic and YouTube traffic at the same time, the VoIP traffic takes priority and goes ahead of the YouTube traffic. Most commonly used in conjunction with QoS.
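The QoS and traffic shaping behaviour described in the two sections above, as an added example that is not part of the original page: a per-tick scheduler that combines a bandwidth reserve for VoIP (QoS) with strict priority ordering and a cap on streaming (shaping), next to a plain first-come-first-served link for contrast. The class table, capacities and units are constructed.

```python
# Constructed example: link capacity and demand are in arbitrary units per tick.
# Each class has a priority (lower number is served first), a reserved amount
# that is honoured before anything else, and an optional cap.
CLASSES = {
    # name: (priority, reserve, cap)
    "voip":      (0, 100, None),   # reserve 100 units; never capped
    "streaming": (1, 0,   300),    # no reserve; never more than 300 per tick
    "other":     (2, 0,   None),
}

def schedule_tick(link_capacity: int, demand: dict) -> dict:
    """demand: {class: units queued}. Returns {class: units sent this tick}."""
    sent = {cls: 0 for cls in demand}
    remaining = link_capacity
    by_priority = sorted(demand, key=lambda cls: CLASSES[cls][0])
    # Pass 1 (QoS reserve): each class gets up to its reserve, highest priority first,
    # so VoIP is never starved no matter how much streaming is queued.
    for cls in by_priority:
        take = min(demand[cls], CLASSES[cls][1], remaining)
        sent[cls] += take
        remaining -= take
    # Pass 2 (shaping): leftover capacity goes out in priority order, within caps.
    for cls in by_priority:
        want = demand[cls] - sent[cls]
        cap = CLASSES[cls][2]
        if cap is not None:
            want = min(want, cap - sent[cls])
        take = min(want, remaining)
        sent[cls] += take
        remaining -= take
    return sent

def fifo_tick(link_capacity: int, arrivals: list) -> dict:
    """No QoS or shaping: serve in arrival order, so whoever arrives first wins the link."""
    sent, remaining = {}, link_capacity
    for cls, amount in arrivals:
        take = min(amount, remaining)
        sent[cls] = sent.get(cls, 0) + take
        remaining -= take
    return sent

if __name__ == "__main__":
    # A 150-unit VoIP call competing with a 900-unit video burst on a 200-unit link.
    print("shaped:", schedule_tick(200, {"voip": 150, "streaming": 900}))
    print("fifo:  ", fifo_tick(200, [("streaming", 900), ("voip", 150)]))
```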
Deep Packet Inspection (DPI):
Deep Packet inspection is an advanced method of examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes or blocks packets with specific data or code payloads that conventional packet filtering, which examines only packet headers, cannot detect.
Intrusion Detection Prevention (IDP):
Intrusion detection prevention looks for signature patterns of malicious traffic then automatically blocks the IP address of the detected attacker(s) for a predetermined amount of time based on the type of offense.
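An added example of the IDP logic just described (not code from the page or from any UTM vendor): signature patterns are matched against log lines, hits are counted per source within a window, and the source is blocked for a duration that depends on the offence type, with blocks expiring automatically. Log format, thresholds, durations and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed example: each signature has a pattern with a "src" group, the number
# of hits within a window that counts as an offence, and how long to block for.
SIGNATURES = {
    # name: (pattern, hits needed, window seconds, block minutes)
    "password_bruteforce": (re.compile(r"Failed password .* from (?P<src>\S+)"), 3, 60, 15),
    "port_scan": (re.compile(r"DROP .*SRC=(?P<src>\S+) .*DPT=\d+"), 5, 10, 60),
}

class Idp:
    def __init__(self):
        self.hits = defaultdict(list)   # (signature, src) -> recent hit timestamps
        self.blocked = {}               # src -> (block expiry, signature name)

    def is_blocked(self, src: str, now: datetime) -> bool:
        entry = self.blocked.get(src)
        if entry and now < entry[0]:
            return True
        self.blocked.pop(src, None)     # block expired (or never existed)
        return False

    def status(self, src: str, iso: str):
        """Name of the offence blocking src at the given ISO time, or None."""
        return self.blocked[src][1] if self.is_blocked(src, datetime.fromisoformat(iso)) else None

    def feed(self, line: str) -> None:
        """Consume one log line of the form '<ISO timestamp> <message>'."""
        ts, _, msg = line.partition(" ")
        now = datetime.fromisoformat(ts)
        for name, (pat, needed, window, block_min) in SIGNATURES.items():
            m = pat.search(msg)
            if not m:
                continue
            key = (name, m.group("src"))
            recent = [t for t in self.hits[key] if now - t <= timedelta(seconds=window)]
            recent.append(now)
            self.hits[key] = recent
            if len(recent) >= needed and not self.is_blocked(key[1], now):
                self.blocked[key[1]] = (now + timedelta(minutes=block_min), name)
                self.hits[key] = []     # start counting afresh once blocked

# Constructed log lines: three SSH failures in 20 s from one source, then a burst
# of dropped connections to successive ports from a second source.
LOGS = [f"2024-05-01T10:00:{i * 10:02d} sshd: Failed password for root from 198.51.100.7" for i in range(3)]
LOGS += [f"2024-05-01T10:01:{i:02d} kernel: DROP IN=eth0 SRC=203.0.113.5 DPT={20 + i}" for i in range(5)]

def run(lines) -> Idp:
    idp = Idp()
    for line in lines:
        idp.feed(line)
    return idp
```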
Unified Threat Management (UTM):
Unified threat management is an approach to information security where a single hardware or software installation provides multiple security functions. This contrasts with the traditional method of having point solutions for each security function, such as VPNs, QoS, DPI, application firewall, IDS/IDP, content filtering, traffic shaping, logging, routing, ACLs, Two Factor Authentication (2FA), network layer virus filtering, and access point controller for mesh WiFi deployments.
Next Generation Firewall (NGFW):
Next generation firewall is another form of UTM incorporating traditional firewall functionality in addition to content filtering, application firewall, IDS/IDP, and DPI.
Network Layer Virus Detection & Removal:
Network layer virus detection locates and removes most viruses, malware, spyware, ransomware, Trojans, worms, and rootkits. It operates at the network layer, before the traffic reaches the intended PC or server, and logs and notifies us of all detections so we can take preemptive measures.
Virtual Private Networks (VPNs):
Explained in further detail at the bottom of this page.
Common Manufacturers:
UTMs / Firewalls Software or Hardware devices including Barracuda, Brocade, Check Point, Cisco, Dell Sonicwall, Fortinet, HP, Meraki, Netgear, Palo Alto, pfSense, Juniper, Sophos, WatchGuard, Ubiquiti, Zyxel, & More
Two Factor Authentication (2FA)
Utilizing two factor authentication when logging in requires the standard username and password combination, plus a randomly generated number that changes every 60 seconds and is delivered to the user via text, email, smartphone application or key fob. Without all three you will be unable to log in, making it very difficult for hackers to gain access to your sensitive data even if they are able to obtain your username and password.
Virus, Ransomware, Cryptolocker, Malware, Spyware, Adware, Trojans, Worms & Rootkit Removal
Viruses can be devastating to businesses large or small, especially ransomware, which encrypts all your files, making them inaccessible, and demands a payment in cryptocurrency for the key to unlock them. We maintain a 99% successful removal and recovery of infected files. Protecting against attacks like this requires a layered defense, including employee training. The first layer of defense is a unified threat management (UTM) device. This acts as a firewall, blocking ports and not allowing connections from outside the office. It also scans all incoming files for virus signatures before they even reach the intended target. Next is content filtering, which blocks malicious and questionable websites. Intrusion detection prevention (IDP) looks for attack signatures and automatically blocks whatever it deems to be an attack. Segmentation keeps unwanted software from spreading across the network by blocking communications in one department from reaching the next, containing the outbreak. The next layer is managed antivirus software installed on each device; managed means all detections are reported immediately so action can be taken quickly. Then comes a virus, spam, and spear phishing detection and removal solution for the email server. Disabling all removable media devices and ports keeps users from inserting infected media into their computers. Lastly, solid employee training on what they should and shouldn't be clicking on or installing on their PCs: nothing that isn't work related or approved by an administrator, and if you're not sure, ask first.
HIPAA Compliance

HIPAA Compliance Certification
HIPAA became law in 1996 and has continued to grow in both scope and enforcement over time. At its core, HIPAA was used to create a regulatory structure that would safeguard the handling, storage, and transmission of patient health information. A second central objective of HIPAA was to empower patients with greater control over their health information and medical records by allowing them to request their medical records and requires covered entities to comply with those requests. Additionally, HIPAA ensured that patient health information was portable, such as when a person moved between employer-provided health plans during a job or career change. Over time, the language, scope, and requirements set forth in HIPAA have expanded to incorporate technologies and the risk they bring to patient data security.
Benefits of Compliance:
• Patient Trust
• Proactive Data Protection
• Ongoing Profitability
• State & Federal Law Compliance
• Avoidance of Fines & Lawsuits
• Peace of Mind
Ways Compliance is Achieved:
• Security Audits
• Penetration Testing
• Real Time Monitoring
• Training & Enforcement of Policies & Procedures
• Logging w/ Retention Policy
• Access Control Lists (ACLs)
• Next Generation Firewalls (NGFWs) & Unified Threat Management (UTM)
• Intrusion Detection Sensing & Prevention (IDS/IDP)
• Disabling all removable storage media on machines that access sensitive data
PCI/DSS Compliance

PCI / DSS Compliance Certification
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. It is extremely important on eCommerce platforms to protect credit card transactions.
Penetration Testing & Security Auditing
By using specialized tools and software we run simulated attacks. Penetration testing will find any vulnerability so that it can be fixed before it is discovered by a nefarious actor. We probe networks and systems for vulnerabilities, including out-of-date or end-of-life (EoL) software, operating systems and devices; scan for open ports; run each of the attack tools in our inventory; test for weak or outdated encryption standards; and test for weak or default passwords using dictionary and brute force password cracking techniques. We attempt Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks to see if we can slow or deny services, through reflection/amplification attacks, ping of death, spoofing, buffer overflow attacks, SYN/UDP/ICMP floods, slowloris, mydoom, volume based attacks through LOIC type applications, smurf, nuke, botnets, RUDY, SACK panic, shrew, slow read, teardrop, TTL expiry and application layer attacks. We then compile a list of everything we discovered and patch or close off whatever vulnerabilities were found. We recommend doing these tests at least once a year, depending on how important cybersecurity is to your organization.
Employee & User Monitoring

Employee & User System Usage Monitoring
Have an employee or user on your network who is acting suspiciously? We can monitor their activity in real time or analyze their activity later using logs. This can be aimed at a single person, department, location, port, or everything and everyone. We can detect anything from illegal activity, to theft of intellectual property (IP), inappropriate behavior, or activities prohibited while on the clock like shopping or social media usage.
Encryption

Encryption Explained
Encryption is a process that encodes a message or file so that it can only be read by certain people. Encryption uses an algorithm to scramble, or encrypt, data. A key is then used by the receiving party to unscramble, or decrypt, the information from its encrypted form. This unreadable form is referred to as ciphertext. Utilizing a cipher with a longer key (more bits) increases the number of possibilities, making the code harder to crack by guessing, which is referred to as brute force. There are several encryption standards, including ECC (Elliptic-Curve Cryptography), AES (Advanced Encryption Standard), RSA (Rivest–Shamir–Adleman) and Twofish.
File vs Full Disk Encryption:
Encryption is more vital than ever in these days of constant data breaches, even when you can't keep the most determined hackers or state-sponsored attacks out of your network. When encrypting your files or the entire disk, AES 256 is considered one of the strongest symmetric key algorithms. It is the NSA standard for TOP SECRET information but may still fall to the latest threat of quantum computers; for that, a lattice-based algorithm is thought to be one of the ways to protect against this emerging technology. The difference between file and full disk encryption is just that: file level only encrypts select files, whereas full disk encrypts the data on the entire hard drive. Full disk does incur a greater impact on performance due to the larger amount of data that needs to be decrypted, but will provide greater security by taking longer to brute force attack that larger amount of data versus the individual files of file-based encryption.
Secure Sockets Layer (SSL):
SSL is a security protocol that creates an encrypted connection between a computer and a web server. Basically, it's a series of steps that the browser and the server agree upon that set up the encrypted connection. The way they do this is by exchanging an SSL certificate using a private and public key signed by a trusted signing authority. This has become so important that Google will actually lower the rank of websites not utilizing an up to date, properly signed SSL certificate. SSL can also be used to encrypt email, VPN, SSH and FTP connections.
Transport Layer Security (TLS):
The latest and greatest in email encryption and should be used whenever possible. Performs a function very similar to what SSL does for email just utilizing the latest security technology.
Quantum Encryption:
Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best-known example of quantum cryptography is quantum key distribution which offers an information-theoretically secure solution to the key exchange problem.
Virtual Private Networking (VPN)

Virtual Private Network (VPN) Diagram
By using a VPN device or software you can connect two or more networks together through the internet via an encrypted tunnel. This makes the connected networks act as one by securely sharing resources on either side of the VPN. A VPN also allows one side to act as a default gateway allowing the other side to route their internet connection through that default gateway obscuring their location and anonymizing their internet traffic. VPNs are now also being used to secure traffic as it traverses a local area network (LAN).
Site-to-Site VPN:
A site-to-site VPN virtually connects two networks at different locations over the internet using encryption. From a user's point of view it then acts as one large network, and they are able to access resources at either location as if they were local. When using a site-to-site VPN the connection is initiated and maintained at the network layer; the user doesn't need to perform any action to connect. In most scenarios there is a main office or data center that all the branch offices connect to, and this is where all the data and infrastructure is stored. We utilize a site-to-site VPN in almost all of our cloud and data center deployments.
Software VPN:
Uses software installed on the client computer that can then connect, using encryption over the internet, to a VPN device usually located at the main office or data center. No hardware is required on the client end, and it is an easy way to connect to the office remotely. Generally, the connection is initiated by the user; it can be set to connect automatically, but this is not preferred unless the device is only used for work.