We support you in securing your IT environment and introducing technical and organizational measures to ward off malware and cybercrime.
Firewalls are basic building blocks for securing IT infrastructure. In addition to classic network access control, Next Generation firewalls are increasingly controlling the content of data streams. A special feature for the analysis of special data streams are the web application firewalls and database firewalls. Web application firewalls protect complex web applications from attacks and are able to prevent the exploitation of unknown errors in these applications. Database firewalls have full visibility of traffic, reducing the vulnerability of unpatched database servers and stopping complex targeted attacks. It prevents costly data breaches by reliably protecting your databases from attacks, data loss, and theft. Firewalls policies are becoming more complex as the size of the network increases. Therefore, high demands are made on the user-friendliness and clarity of the management interface in order to rule out errors in the administration as far as possible.
We use pfSense firewalls, which are characterized by an excellent price / performance ratio.
In addition to the attacks on the lower network levels, more and more applications are being attacked today. Next Generation Threat Prevention combines several methods to protect applications and endpoints, e.g. Antivirus, Antibot, IPS, application control and URL filtering to prevent new attacks and exploit previously unknown vulnerabilities. Next Generation Threat Prevention provides through processes such as Sandboxing very high demands on IT resources. Therefore, a close integration with the network firewall makes sense, in order to block the source of the attacks in the future at network level.
Content security includes a system that stands between user and Internet. This filters out unwanted content – both incoming and outgoing. This can be web traffic and email traffic. As a rule, manufacturers of IT security solutions understand the following components under a content security strategy:
Untersuchung von Webseiten auf Schadcode
The exploitation of vulnerabilities by attackers such as Cross-site scripting is a common way to smuggle malicious code into enterprise networks. A content security solution analyzes the traffic, detects changed content and protects the user from an infection.
Categorization of web pages
When categorizing websites, it is on the one hand to deposit in the content security policy that certain categories of websites may not be called (subject categorization such as shopping portals, online games, …) and on the other hand to legal requirements for, for example, underage employees fulfill.
Investigation of emails on malicious code
Malicious code can be injected into emails in the form of links to infected pages, malware in attachments (such as PDF, JPEG, Zip files, etc.) or phishing emails for spying on personal data, passwords, etc. in the corporate network. As a result, a content security solution usually also includes a module that analyzes and possibly blocks e-mail content.
Authentication is a process that determines whether a person or a system is what he or she pretends to be. In real life, we distinguish ourselves by signatures, identity cards and cards. Simple authentication is usually done with username and password, which is easily attacked. Therefore, stronger mechanisms such as certificates, biometrics or tokens are used. The secure operation of VPNs and access to networks requires certificates or two-factor authentication. In two factor authentication, what you know (e.g., password or PIN) is combined with something you are or have (e.g., biometrics, tokens, or cards). In connection with the “authentication”, the term “authentication” often appears as well. “Authentication” means that a person or machine must identify himself to a communication partner. A user authenticates himself to a computer / server etc.
A Wide Area Network (WAN) is a computer network that, unlike a LAN or MAN, covers a very large geographical area. The number of connected computers is unlimited. WANs span across countries or even continents. WANs are used to connect different LANs as well as individual computers. Some WANs are owned and used by specific organizations. Other WANs are being built or expanded by Internet service providers to provide access to the Internet.
For inter-site networking, more and more Internet is being used today instead of dedicated point-to-point connections. This is realized with the help of VPNs, which also encrypt the traffic and thus ensure the integrity and confidentiality of the data. Likewise with VPNs the access of mobile terminals on the company infrastructure is realized. Use your resources company-wide and integrate branch offices, home offices or even suppliers and partners into your own network. A VPN is compared to leased lines a much cheaper alternative and therefore the most widely used option to integrate these decentralized locations firewall-secured in their own network.
Contact our sales team. We are happy to help and are available for live demos of our products at any time.