Security can take many forms. Whether you’re talking about a secure physical location for your computers, the network, or the data itself, PBTG can help with every aspect:
- Physical security
- Spyware / Adware / Malware
- Internet site blocking
- Cryptography (encryption)
- File security
- VPN tunnels
- Wireless security
- Software patches
- Server hardening
- Firewalls (Stateful Packet Inspection)
- Social engineering
- Intrusion detection system (IDS)
- Security policies
- Backup procedures
- Proactive monitoring
We can provide a full security overview of your network by analyzing your software, hardware, network and user routines. By factoring your level of risk and your level of concern, we can recommend and implement a security policy to fit the needs of your company. Our monthly maintenance contracts include proactive monitoring and administration of your network to help maintain security.
The Multi-Layered Approach
Any good security plan is multi-layered. You would never want to rely on only one method to entirely secure your network. To use a very old example, consider a castle from the middle-ages. It not only had very high stone walls, but also had a moat, towers, a parapet, and possibly even built on a hill side to provide better defense. All these precautions help to fortify the castle. Your network is not much different.
The First Line of Defense
On the edge of most networks sits the firewall, the first line of defense. The firewall protects the inside network by examining network traffic and only allows data to flow to approved destinations from accepted sources. In this way, most attacks on your network are stopped at the front door. For example, the firewall would allow e-mail from the outside world to flow to your e-mail server, but wouldn’t allow e-mail to flow to your database server. The firewall also performs other functions, such as detecting certain hacking signatures and automatically blocking hackers from scanning your network. Special Intrusion Detection Systems (IDS) can be combined with the firewall to look for signs of malicious activity. IDS uses a deep packet inspection engine and can monitor many servers and services on the network.
The Data Lifeline
For most businesses, keeping data intact and secure is mission critical. We start by examining the server’s file structure, including file and folder permissions. Next, we make recommendations for storing your data more efficiently, thus reducing the amount of administration and upkeep.
File and folder permissions are very important to restrict access only to people that need it. However, this is not enough. Effective security is multi-layered and there are many other things to consider.
Virus protection is paramount. Even a good network-wide anti-virus program won’t do any good unless it’s kept up to date. New vulnerabilities in software are discovered almost daily. Additionally, software patches must be applied periodically to keep hackers from exploiting known vulnerabilities. Servers can also be "hardened". This means that a server is configured to run a minimum amount of software and services, further reducing its vulnerability to attacks.
Today, an astonishing 50% of all e-mail is considered to be unsolicited commercial e-mail, more commonly known as spam. This percentage has been increasing every year. Spam may also lead to users browsing inappropriate web sites or downloading malicious software. Spam and the problems it can cause are serious security concerns. Utilizing good filters on your network can block about 98% of all spam and inappropriate web sites. Not only does this increase productivity, but it can also reduce corporate liability when it comes to offending material.
One of the most widely used new technologies is wireless communications or WiFi. The freedom to roam around the office or home with a wireless data connection is something that everyone loves. However, this new technology also introduces a new security concern: How to transmit wirelessly without having others listen in to your transmissions? WEP, or Wired Equivalent Privacy encryption was developed just for that purpose. At first WEP provided adequate security. However, flaws in the encryption algorithm made it possible to compromise a network within a few hours using the right tools.
A new wireless protocol, called WPA (WiFi Protected Access), has been developed to provide a truly secure wireless environment. WPA is quickly becoming the standard for wireless encryption.
There are also other ways to protect a wireless network. Whatever the need, PBTG can implement a fully secure wireless network for your entire organization.
Engineering for the Socialite
Surprisingly, network users can cause a risk to security without even knowing it. Most people think that the biggest risk comes from hackers using special tools to break through the network perimeter to gain access to sensitive corporate data. This is in fact false.
The easiest way to compromise a network is to simply steal a user’s credentials. This usually involves something called Social Engineering. Quite simply, it means to trick a user into giving up his or her username, password, credit card information or other confidential data. The world’s most famous hackers use this approach very frequently.
Users also may inadvertently install spyware or adware on their computer systems simply by visiting the wrong web site or by following a link that was e-mailed to them. This type of software can record internet browsing habits, collect personal data, or run malicious software on that user’s computer.
The best defense in this situation is to educate your users. Users should know how to avoid these hazards, and how to create and maintain secure passwords. PBTG can setup training sessions in small groups or individually to go over computer and networking best practices.
Communication of sensitive information over the internet is sometimes necessary. PBTG can setup secure encrypted data communication using the latest cryptographic technology, such as DES (Data Encryption Standard), 3DES (Triple DES), or AES (Advanced Encryption Standard). Whether it’s transferring data between multiple office locations, between your home and office, or collecting personal or financial information over a web page, PBTG can get it done. We support Secure Sockets Layer (SSL) certificates, VPN tunnels as well as other forms of encrypted communications.
What If Something Goes Wrong?
Of course, if something should go wrong on the network, you should always be able to go back to a recent backup. PBTG can work with you to setup a backup strategy that will ensure that you can always go back and keep your data safe. In the unfortunate event of a true disaster, PBTG is ready to rebuild your server and network to get you back up and running in as short a time as possible.