These services include security audits, vulnerability assessment, VPN implementation, perimeter and desktop security, password management systems, encryption, removable disc policy, intrusion prevention, WAN/VPN accelerators, security information and event management and content filtering.
Our experienced security specialists have implemented systems for the major players in the local financial and banking sectors, ISPs, hospitality companies, carrier and telecom companies, the transport sector and other major local and international companies.
Furthermore, Computime’s engineers have trained people from a number of different countries in various security technologies and solutions.
Network Security Solutions
Perimeter Firewalls –
Many organisations segregate network traffic according to business rules, and hence grant different levels of access. Network traffic can be categorised into two forms, namely external and internal traffic. External, or non-trusted, traffic is all traffic that originates from outside your network; internal traffic is what happens inside your network boundary. A perimeter firewall is used to segregate and control these two types of traffic, protecting your network from hackers on the internet who target your systems to reach your information. Internal traffic can be further subdivided into various categories. For instance, servers hosting services such as web or email that are accessible from the internet are placed in a demilitarised zone, normally abbreviated to DMZ. Your internal servers running databases and storing user documents are located in dedicated segments, away from end-user networks and from subnets connected to wireless access points set up to give temporary guest access. Firewalls also serve as a means of controlling this internal traffic through access policies aligned with organisational access requirements.
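The zone model described above (internet, DMZ, internal servers, guest wireless) is easiest to reason about as an explicit rule table with an implicit default deny. The following is an added illustration, not Computime's code or any vendor's configuration: the address ranges, zone names and rules are constructed assumptions, and the evaluator simply reports which of a set of sample flows the policy would allow.

```python
# Added example: zone-based perimeter firewall policy evaluated against
# constructed flows. Address plan, zones and rules are illustrative
# assumptions, not a real deployment.
import ipaddress
from dataclasses import dataclass

# Constructed address plan: anything outside these segments is "internet".
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "guest_wifi": ipaddress.ip_network("10.20.0.0/16"),
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses are untrusted."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset  # permitted destination TCP ports
    action: str


# Ordered policy; first match wins. Nothing below allows guest_wifi -> internal
# or internet -> internal, so those flows fall through to the default deny.
POLICY = [
    Rule("internet", "dmz", frozenset({80, 443}), "allow"),
    Rule("dmz", "internal", frozenset({5432}), "allow"),       # web tier to DB only
    Rule("internal", "dmz", frozenset({22, 80, 443}), "allow"),
    Rule("internal", "internet", frozenset({80, 443}), "allow"),
    Rule("guest_wifi", "internet", frozenset({80, 443}), "allow"),
]


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a single flow under POLICY."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in POLICY:
        if rule.src_zone == src and rule.dst_zone == dst and dst_port in rule.ports:
            return rule.action
    return "deny"  # implicit default deny


def audit(flows):
    """Evaluate a list of (src, dst, port) tuples; returns one decision per flow."""
    return [(s, d, p, evaluate(s, d, p)) for s, d, p in flows]


if __name__ == "__main__":
    sample = [  # constructed flows
        ("203.0.113.5", "192.0.2.10", 443),   # internet -> DMZ web server
        ("203.0.113.5", "10.10.1.5", 445),    # internet -> internal file server
        ("10.20.3.4", "10.10.1.5", 445),      # guest wifi -> internal file server
        ("192.0.2.10", "10.10.1.5", 5432),    # DMZ web -> internal database
        ("192.0.2.10", "10.10.1.5", 22),      # DMZ web -> internal SSH
    ]
    for row in audit(sample):
        print(row)
```

Reading the output for the sample flows shows the point of the segmentation: the DMZ web server can reach the database port but nothing else on the internal network, and guest wireless clients never reach internal servers at all.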
Intrusion Detection / Prevention –
Think of firewalls as systems which control which door is left open or closed. On their own, firewalls do not control what passes through that door once it is open. An intrusion prevention system works in conjunction with a firewall to validate whether the traffic passing through is legitimate or malicious. Intrusion detection appliances make use of highly specialised hardware to provide the right protection during packet inspection without impacting network performance with unnecessary latency. These appliances are more commonly referred to as network-based IPS (NIPS). Other types of IPS exist, such as host-based IPS (HIPS), where the intrusion prevention application runs on the server or client hosts themselves.
VPNs User Connectivity –
It is very common for organisations to interconnect different branches and to give remote users access to internal resources and information. This is done using what are known as virtual private networks, abbreviated to VPNs. These are networks that allow remote locations to connect over insecure communications media such as the Internet. Apart from connectivity, VPNs must provide confidentiality of data during transport, to ensure that data cannot be read if captured in transit; integrity, to ensure that information is not changed while being transmitted; and authentication, to ensure that remote parties communicate with whom they intend. Remote branches use the Internet Protocol Security (IPsec) protocol for VPN connectivity. Connecting remote users to your network can be done in various ways. One method is to install what is known as a VPN client on the user’s host. These clients are usually configured with IPsec combined with server certificates to give the required network connectivity. Another method that is becoming increasingly popular is the use of Secure Sockets Layer (SSL) VPNs. This method is especially useful when specialised client software cannot be installed, and hence access to internal information is provided through applications commonly found on the end user’s system, such as the web browser. Nowadays it is also becoming increasingly common to check, before a remote client is given access to an internal resource, that the client is free from malware. A client that fails a number of predefined security checks, such as having the latest updates for its malware protection software, current operating system updates or an active personal firewall, is denied access until those measures are in place.
Security Information and Event Management (SIEM) –
Security Information and Event Management deployments are driven by two main requirements – the need for added security monitoring capabilities and the need to address regulatory compliance issues. SIEM solutions collect logs from network and server systems to provide log archiving and reporting, plus real-time analysis and correlation of the collected data. This gives visibility of activity across the whole IT infrastructure, whether it originates from internal or external network access.
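The value of a SIEM lies in the correlation step: events from different sources are normalised into one schema and then matched against rules that no single device could evaluate alone. The block below is an added example and not part of the original page or of any SIEM product; the log lines are constructed, and the single rule (several failed logins from one address followed by a success, enriched with whether the firewall had already seen denies from that address) is a simplified illustration of the kind of cross-source logic a real deployment runs.

```python
# Added example: minimal log normalisation and cross-source correlation in the
# style of a SIEM rule. All log lines are constructed, not real captures.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events from a firewall and an SSH server.
RAW_EVENTS = """\
2024-05-01T10:00:01 fw01 DENY src=198.51.100.7 dst=10.10.1.5 dport=23
2024-05-01T10:00:05 srv01 sshd: Failed password for admin from 198.51.100.7 port 51000
2024-05-01T10:00:09 srv01 sshd: Failed password for admin from 198.51.100.7 port 51001
2024-05-01T10:00:14 srv01 sshd: Failed password for admin from 198.51.100.7 port 51002
2024-05-01T10:00:20 srv01 sshd: Accepted password for admin from 198.51.100.7 port 51003
2024-05-01T10:05:00 srv01 sshd: Failed password for bob from 10.10.2.9 port 40000
2024-05-01T10:30:00 srv01 sshd: Accepted password for bob from 10.10.2.9 port 40001
"""

SSH_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) (\S+) (DENY|ALLOW) src=(\S+) dst=(\S+) dport=(\d+)")


def parse_events(raw: str):
    """Normalise heterogeneous log lines into dicts with a common schema."""
    events = []
    for line in raw.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, host, outcome, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "type": "auth_fail" if outcome == "Failed" else "auth_ok",
                           "user": user, "src": src})
            continue
        m = FW_RE.match(line)
        if m:
            ts, host, action, src, dst, dport = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "type": "fw_deny" if action == "DENY" else "fw_allow",
                           "src": src, "dst": dst, "dport": int(dport)})
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=3, fail_window=timedelta(seconds=60),
              fw_window=timedelta(minutes=10)):
    """Alert when >= threshold failures for (src, user) inside fail_window are
    followed by a success; enrich with firewall denies from the same source."""
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    fw_denies = defaultdict(deque)  # src -> timestamps of recent denies
    alerts = []
    for e in events:
        if e["type"] == "fw_deny":
            fw_denies[e["src"]].append(e["ts"])
        elif e["type"] == "auth_fail":
            failures[(e["src"], e["user"])].append(e["ts"])
        elif e["type"] == "auth_ok":
            key = (e["src"], e["user"])
            q = failures[key]
            while q and e["ts"] - q[0] > fail_window:   # expire old failures
                q.popleft()
            if len(q) >= threshold:
                d = fw_denies[e["src"]]
                while d and e["ts"] - d[0] > fw_window:
                    d.popleft()
                alerts.append({"rule": "brute_force_then_success", "src": e["src"],
                               "user": e["user"], "host": e["host"],
                               "failures": len(q), "fw_denies": len(d), "ts": e["ts"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(RAW_EVENTS)):
        print(alert)
```

Only the admin login from 198.51.100.7 fires: three failures inside one minute followed by a success, with a firewall deny from the same address minutes earlier. Bob's single failure 25 minutes before his successful login stays below both the count and the time thresholds, which is the kind of distinction that makes correlated alerts less noisy than raw failed-login counts.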
Shared Account Password Management (SAPM) –
Access to any IT system, be it a server operating system, network appliance or firewall, is controlled by privileged accounts. These accounts are traditionally managed using strong passwords and manual activation and deactivation. Shared Account Password Management (SAPM) solutions address the security limitations and threats posed by such methods by allowing IT administrators to automate privileged account policies and apply them to their IT systems. These policies allow strong passwords to be changed regularly and stored in secure password vaults, provide a unique identity to each individual administrator, centralise and limit host access to strictly required access levels, and provide a means of identifying who used a privileged account.
Multifactor Authentication –
The use of multi-factor authentication is also becoming extremely important, especially in highly sensitive environments. Multi-factor authentication adds an extra level of security by not limiting authentication to a simple username and password combination. An undetected keylogger installed on the remote host would record the authentication credentials of the remote user and hence open the opportunity for unauthorised access. Multifactor authentication methods include the use of USB tokens, authentication tokens that display a new code either on demand or every few seconds, an authentication matrix used during a challenge-response authentication process, host fingerprinting that allows authentication to be performed only from specified hosts, or SMS authentication whereby access codes are sent directly to your mobile phone.
Endpoint Security Solutions
Apart from disk encryption, endpoint security provides network and application firewalls that control how users can access different applications and also which applications are allowed to process and send information. This would for instance protect users from accidentally running malicious code that sends confidential information to non-intended recipients.
Control of the flow of information to removable media and USB keys is also important. With today’s solutions one is no longer limited to blocking all interface capabilities of the endpoint (for instance disabling USB interfaces), which can be an annoyance to the end user. There are ways and means of identifying the types of devices being used, permitting certain types of USB keys but not others. Systems can thus be configured to protect information stored on such media by means of encryption, avoiding data leakage if the media is lost or misplaced.
At the highest level, one can also choose to monitor the content of the information within recognised file types and control its flow based on the level of confidentiality at which it was classified.
Content & Data Security Solutions
The term content filtering is usually associated with traffic that needs to be inspected whilst crossing internet boundaries. The two most common sources of internet activities that require filtering are email and web. Without adequate protection end-users can become very easy targets for all sorts of malicious activities. These malicious activities include viruses, trojan horses, worms, spyware, spam, malicious mobile code, phishing attacks, bots and keylogger backchannel communications. Ideally these attacks are filtered both at the perimeter and also on servers and end-user systems. Through email filtering, for instance, a dedicated system receives all email traffic and performs many types of filtering methods such as content-encoding, regular expressions and proximity.
Similarly, web filtering solutions can be integrated with directory databases to identify system users and to protect their internet web access from malicious activity arising from applications, URLs and protocols. Modern perimeter firewalls are also usually equipped with what is known as Unified Threat Management (UTM), which combines these filtering features and serves as a first line of defence against such threats.
Although it is extremely important to deploy these detection systems on the network, this does not eliminate the need for specialised anti-malware software, more traditionally known as anti-virus, installed on servers and endpoint systems.
Data Leakage Prevention
Securing data access based on the type of data being accessed is one of today’s major challenges. Data Leakage Prevention (DLP) solutions prevent confidential information from being deliberately or accidentally leaked out of an organisation. These solutions operate by scanning network traffic and activity on endpoint systems to identify, monitor and protect confidential data. Visibility is required over the level of data confidentiality, the method used for data transfer (SMTP or file transfer, for instance), the transfer destination, who is performing the transfer, and the provisions taken to ensure the data is properly secured.
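The content inspection that the DLP and email filtering sections above describe (regular expressions combined with a classification level and a destination) can be shown in miniature. The block below is an added example and not the page's or any DLP product's code: it scans a constructed message for payment card numbers, confirms candidates with the Luhn check so that arbitrary digit strings such as order references are not flagged, masks what it finds, and combines the findings with the destination and an explicit classification marker to reach a transfer decision. The classification marker string and the decision rules are assumptions made for the illustration.

```python
# Added example: regex plus Luhn check for card numbers, masking, and a
# simple transfer decision combining findings, classification and destination.
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
CLASSIFICATION_MARKER = "CLASSIFICATION: CONFIDENTIAL"   # assumed convention


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits, as a report or log line should."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str):
    """Return findings for every Luhn-valid card-like number in text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append({"kind": "payment_card", "masked": mask(digits),
                             "position": m.start()})
    return findings


def decide_transfer(text: str, destination_external: bool) -> dict:
    """Block external transfers of card data or marked-confidential content;
    internal transfers are allowed but logged with the findings."""
    findings = scan_text(text)
    marked = CLASSIFICATION_MARKER in text
    block = destination_external and (bool(findings) or marked)
    return {"action": "block" if block else "allow", "findings": findings,
            "classified": marked}


if __name__ == "__main__":
    # Constructed message; 4111 1111 1111 1111 is a well-known Luhn-valid
    # test number, the second number fails Luhn and the order reference is
    # not a card number at all.
    sample = ("Please refund card 4111 1111 1111 1111 and not 4111 1111 1111 1112; "
              "order ref 1234567890123.")
    print(decide_transfer(sample, destination_external=True))
    print(decide_transfer(sample, destination_external=False))
```

Note that the masked value, not the number itself, is what ends up in the finding; a DLP system that wrote the full card number into its own alert log would itself be creating the leakage it exists to prevent.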
IT Security Audits and Consultancy –
Computime can help organisations manage their IT security infrastructure and requirements through carefully planned Corporate Security Surveys. Analysis of our findings helps us identify weaknesses within an organisation in areas such as network security, information leakage, risk transfer, disaster recovery, monitoring and server hardening, amongst others. Clients are provided with reports highlighting these weaknesses together with the associated risks and the solutions that will allow the security issues to be properly addressed.
Payment Card Industry Data Security Standard (PCI DSS) –
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help facilitate the broad adoption of consistent data security measures on a global basis. The core requirements for achieving PCI compliance can be found at: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml