We consider physical and logical security within an organization to be a critical consideration in the planning and implementation of infrastructure solutions. For connecting remote points together across a Wide Area Network, encrypted VPN site-to-site tunnels are used to protect data flow. Additional considerations are required for logical security at the primary site to analyze traffic patterns and employ threat detection algorithms. Firewalls on the aggregate layer are designed with permanent static ACLs but also implement dynamic ACLs propagated by border IDS automation. Application layer protection is also implemented using proxies between the border and internal application servers for specific protocol filtering, with suspicious states being marked and tagged upstream for elevated IDS awareness.
Advanced security design should give strong consideration to encryption services for protecting critical data. We use encryption services in both network layer and local layer infrastructure to protect against remote and local threats. Deployments requiring frequent data replication across multiple geographic locations benefit from encrypted tunnels across MPLS/VPLS circuits, with edge security appliances placed at each point. For remote devices that cannot be covered by traditional physical security standards, we mitigate risk by securing locally stored data with powerful encryption and multi-factor authentication systems.
Altexxa Group believes strongly in encryption services to protect all corporate data traveling over wide area networks, while also ensuring local security considerations are met. Encryption and multi-factor authentication systems provide protection for organizations and critical data.
A key component of a high-security model is the intrusion prevention layer. An IPS filters known attack patterns and also enforces ACLs. In a high-security model, the IPS is also driven by a border IDS employing advanced algorithms for threat detection. Heavy importance is also placed on strong ACLs to ensure applications are protected from unauthorized users. This can be achieved with a split ACL model and division of security levels across separate network segments.
Altexxa Group works primarily with Sophos UTM and Cisco ASA deployments, with custom-designed BSD-based border threat detection systems. Our border IDS performs fast assessment and intelligent flagging of undetermined anomalies so that their patterns can be investigated further.
Advanced security implementation at the primary site uses a split ACL model, which segregates network layers based on access requirements. In addition to ACLs and IPS within the firewall appliances, edge border filtering is added to detect traffic anomalies. Altexxa Group uses a BSD-based filtering solution at the border, which ties in with our standard aggregate layer protection. Communication over the WAN with remote branches uses site-to-site encrypted VPN tunnels between edge firewall appliances, with ACL considerations to protect primary site assets. Additional protection using data encryption methods can be implemented for remote devices to mitigate theft risk. We use multi-factor authentication combined with profile-driven ACLs to ensure data integrity.
Copyright 2015 Altexxa Group. All Rights Reserved.