We are vaccinating your ICT environment
The ICT domain of cyber security is now recognized in the industry. Since data leaking of some Web leaders (such as LinkedIn or Yahoo!) the revelations of Edward Snowden have been a thunderclap in the industry. Belgium has not been spared: the story of Belgacom-Bics, the piracy of the Ministry of Foreign Affairs, multiple DDoS attacks against several federal websites… and many other cases which have not been publicly disclosed.
The impact and costs of cyber crime for enterprises in Belgium constantly increase every year. To fight cyber-crime, ensure confidentiality, integrity and availability of data inside enterprise, OFEP is assisting enterprises and has solutions how to vaccinate your ICT environment.
Installation, configuration and management of firewalls
Firewalls have a key role in network security of your organization.
Nowadays firewalls are not limited anymore to filtering ports based on ip addresses, they are in state to interact at application levels. Moreover, data-streams can be filtered and suspicious flows can be blocked.
Viruses and malware can also be filtered at network level even before the malicious code is reaching server or computer in your organization.
Those firewalls, called NGFW (Next Generation Firewall) are essential to protect organization against cyber attacks and malware which everyday get more numerous and more aggressive.
- Installation of firewalls (design, cabling, definition of interfaces and zones, routing, firewall rules)
- Choice of equipment following environment (main datacenter, remote site etc.) and customer’s needs
- Creation of zones adapted to security profiles and risks (such as Internet zones, DMZ, Guest, Intranet, Extranet, PCI/DSS)
- Replacement of existing firewall by a new Next Generation firewall
- Firewalls upgrade (firmware or End Of Life hardware)
- Audit of firewall rules (rules shadowing, obsolete rules, invalid rules)
- Audit of global configuration (zone, routing, monitoring, performances, logging)
- Activating IDS or IPS mode in firewall to detect or block cyber attacks
- Apply security policies by blocking unsolicited applications (such as YouTube, BitTorrent, Skype, Facebook, P2P, Tor) and not only based on TCP/UDP ports
- Prioritize some types of data-streams. This includes real time or critical traffic (such as VoIP, video traffic, conferencing, critical time sensitive applications) which must not be impacted by batch transfers or less critical traffic (such as emails, backup traffic)
- Integration with Enterprise Directory service (such as LDAP, Active Directory) to create firewall rules based on roles or groups of users and not only based on IP addresses
- Virtualize several physical firewalls to decrease cost of maintaining multiple physical firewalls, allow easier deployment of virtual firewall and stronger segregations between different environments, which allows to migrate existing infrastructure without impacting architecture or current design.
- Configure dynamic routing (such as BGP, OSPF) or specific routing rules (track-ip, policy based routing)
- Setup a redundant or fail-over design (for example with 2 internet lines: fiber and GSM/4G as backup)
- Full management of firewalls with support contract (add, modify, delete rules, routing, monitoring of the clusters, monitoring of the CPU/memory/active sessions, alarms such as virus or critical attacks, monitoring and management of VPN between sites or to your partners)
Secure network links to your different sites, sister companies or partnerships
Your organization is growing and extending on multiple sites. All teams need to have same way whatever site they are working on..
Thanks to technology of secure VPN’s, we are able to setup secure links through leased lines or through Internet lines. This allows your organization to work together, in safety, from wherever employees are using it.
Thanks to this technology, you staff can use enterprise applications, print documents on remote printer in office or open documents stored remotely and, in general, work as a team.
Next to business features, we can monitor infrastructure’s health and detect all potential breakdowns. For critical sites, we can setup redundant connectivity, even if primary line is down your staff can continue to work without consequences, thanks to redundant Internet line.
To ensure security, we can filter viruses and network attacks on inter-site links, detect and block any malware propagation. These features are particularly relevant when you setup a link to partner or sister companies which are not under same governance and where security policies are different.
- Installation of new VPN boxes (design, cabling, definition of interfaces and zones, routing)
- Upgrade of existing VPN boxes (firmware or replacement of End of Life hardware)
- Design and configuration of solution with redundant Internet lines and redundant VPN boxes. We can use the 3G/4G as backup line to ensure maximum of redundancy and avoid costly subscription for second line
- Audit of global configuration (zones, routing, monitoring, performances, logging)
- Solution for NAT problems, ip clash
- Support contract and daily management of VPN boxes
SSL VPN or remote access to your internal resources
Nowadays to succeed in business, it’s primordial to quickly access your business data when you need it. Your staff can be working from home sometimes, your sales team are spending most of their time visiting customers. Do they have same capacities to access business data as when they are sitting at their desks ? Thanks to SSL VPN, you can remotely access information you need, when you want it, and in a safe way. Forget USB sticks, documents stored in your mailbox or local copies on your laptop made in order to access them when you are out of office.
Some use cases:
You would like to print a document from your laptop at home on a printer in secretary office.
You would like to check current stocks of product while negotiating an order with your customer.
You need to read last version of a document stored on a server of your organization.
Some of your employees need to work from home several days a week.
The SSL VPN is a solution for all these problems !
Moreover, you can technically access data from your computer, from another computer or from smartphone or a tablet.
- Installation of a SSL VPN solution (design, cabling, configurations, profiles)
- Upgrade of existing SSL VPN solution (firmware, insecure such as PPTP or replacement of End of Life hardware)
- Configuration of authentication methods (based on login/password, Enterprise directory such as Active Directory authentication)
- Strong authentication (One Time Password; Google Authentication, RSA or integration with other strong authentication solutions)
- Creation of access rules based on group or roles (director, sales, accountants)
- Creation of rules to filter computers allowed to connect (validate antivirus updates, restrict access to computers of organization)
- Setup access from smartphones and tablets (Android, Windows Phone and Apple)
- Support contract and daily management of SSL VPN solutions
Internet filtering or how to improve productivity
How much do you evaluate productivity loss from employees’ surfing websites which are not business related ? Next to productivity loss, some malicious websites can distribute malware and infect your computers.
Filtering Internet access from corporate computer is a basic requirement to ensure a minimum security level.
Particularly, setting up Internet filtering can solve multiple issues:
- Block sites and applications related to illegal downloads (such as P2P, Bittorrent, Newsgroups). This kind of traffic is not related to business activities and can have negative impact on performance of legitimate traffic
- Block some evasive target applications (such as Skype, Google Talk, Teamviewer, Logmein) to enforce your security policies
- Block viruses and malware at network level, even before it’s downloaded on a computer or server
- Accelerate surf by setting up local cache for frequent visited websites
- Reporting traffic and categories of visited websites and evolution of usage of your Internet line
Get in Touch
Subscribe and stay up-to-date on the latest improvements and services.