Services
Last update: 10/03/2024


Cloud Integration

Cloud Integration is the process of connecting your IT environment to a Cloud Environment or Cloud Service. There are numerous ways in which businesses derive value from a Cloud Integration, here are a few:

  • Moving on-prem physical hardware functions to cloud virtual hardware. This can save you costs and allows you to operate various setups that are location-independent. Getting rid of on-prem hardware saves on electrical, cooling and management costs.
  • Provisioning a business critical service, which might be prohibitively expensive or unattainable in on-prem setups.
  • Increasing resiliency for your core services (easy to create backup/alternate solutions).

Businesses that are interested in a more modern and resilient IT setup should seriously consider starting their Cloud Integration. The sooner you start moving your Services to the Cloud, the easier it will be to integrate over time. The advantages offered by Cloud Services are vast and will remain the dominant way of doing things for a long time to come. Examples of Cloud Integration services offered to clients in the past:

  • Automated storage backups to the Cloud.
  • Moving Active Directory to the Cloud to allow On-Prem/Cloud hybrid setups.
  • Cloud Authentication/Authorization mechanism to secure remote connections to business assets such as storage, management interfaces and apps.
  • Private Certificate Server setup.
  • IAM setup.
  • Cloud Performance and Security Assessments.
  • And much more.

Security

Zero Trust

Zero Trust is an IT Security Model which requires authentication and authorization for all transactions, no matter where they originate. Traditionally, connections inside your IT environment were explicitly trusted and only outside connections were heavily scrutinized. This model does not work anymore because there are too many ways to infiltrate an IT environment. Zero Trust architecture works because it does not trust anybody or anything, no matter where it originates from or who it claims to be. There are numerous technologies that can be implemented to bring this Zero Trust model into your environment:

  • Authenticate all users, including Service Accounts.

  • Authenticate all connections initiated from both inside and outside your IT Environment.

  • Create Roles and give specific Authorization to these Roles. Create a clear separation as to what any individual can see and enforce it with Rules.

Pentesting

Pentesting is an attempt to break into a system, such as a computer network. It can also refer to simply testing a system for exploitability, such as a vulnerability to code injection or an inability to handle overloads. There are dozens of variations that determine the nature and scope of the Pentest. Here are some:

  • Internal - tests that are performed from within an environment. This is meant to simulate a situation where a malicious actor is already inside of your perimeter.

  • External - tests that are performed from outside an environment trying to break in. Here the attacker tries to probe any entrance points into an environment.

  • With/Without Credentials - the reach of a pentest can often be determined by the credentials available to the attacker. Some scenarios require a leaked credential to be used in the attack to simulate a real-world situation, such as where an employee gives away their credentials in a sophisticated Social Engineering attack.

  • Automated Scanners - some tests do not require an active attack, but rather an automated scan performed on an endpoint or network. There are numerous pieces of software an attacker can use to scan different parts of your environment. These attacks can be conducted with or without credentials. Some of these attacks can also be "Aggressive", meaning they will attempt to run actual exploits or overload systems on purpose.

  • Social Engineering Attacks - social engineering is the act of manipulating an individual, via deception, into divulging confidential information. With a moderate amount of reconnaissance, an attacker can gather enough information about/around a "subject" or a "target" and can create a plan of action. Social engineering attacks often try to create a sense of urgency, along with providing enough circumstantial information to make their inquiry or order appear legitimate.
Example:
  1. Attacker gathers information about the company leadership. This can be done by searching for company directories, email domain scanning, social media posts etc.

  2. Attacker sends what seems to be a misdirected invoice to the Finance department of the company. An official email, with the official company signature, responds to the request and says the attacker got the wrong company/email.

  3. Attacker forges a fake email following the structure of the company email with signature. The email will be marked urgent and include a quick blurb about how "Chuck (real person in company discovered via reconnaissance) needs this done ASAP! Currently in meeting!", which will prompt the victim to forego certain checks in the name of expediency.

Social engineering attacks can be very sophisticated. If you have been hit by a social engineering attack or think you are likely to get hit, you can employ a company that runs (safe) Social Engineering attacks on your employees, trains employees on the nature of these attacks and how to spot them, and can also evaluate your environment for potential Social Engineering attack vectors - such as sharing too much information about the company on Social Media.


  • Cloud Penetration - Cloud pentests aim to attack your public-facing cloud infrastructure. This can be done with or without credentials, and usually tries to exploit vulnerabilities in configuration to get access. An improperly configured storage bucket can, for example, give an attacker access to cloud storage, which in turn can give them enough information to pivot deeper into the cloud environment. There are also user permission misconfigurations that allow an attacker to elevate stolen credentials to a dangerous level of control over your cloud environment.

  • Network Penetration / WIFI hacking - arguably the most fun pentests are the network breaches. There are many ways to breach a network, most often via physical access to unsecured interfaces or poorly configured WIFI. An attacker can plug a small device into a network port and establish a temporary foothold in your environment - this can be mitigated with proper Port Configuration and Physical Access Policies. WIFI hacking can be mitigated by "shaping your signal" (limiting where your WIFI signal reaches), implementing Certificate-based Authentication and Whitelisting known devices. Additionally, you can route unknown devices to Guest networks, which will prevent internal access on the network level.

  • Whitebox / Blackbox - an attacker will most often perform reconnaissance against the target to gather useful information. In some instances, the company hiring the pentester does not want them to know anything about the company at all (a blackbox). In fact, all the attacker gets is a powered-down company laptop. The company wants to simulate what happens when a company laptop goes missing. How far can the attacker get?

    A whitebox test is a way to expedite the pentest process. Instead of the attacker performing deep reconnaissance, the company gives the attacker a trove of information, including sometimes credentials. This type of attack aims to see how far the attacker can get inside your environment - this is great for testing your internal safeguards!

  • Hacker skill - the last factor I will mention revolves around skill level. Companies face a large variety of attackers. Some entities hold potentially lucrative confidential information, such as banks, government offices, hospitals and defense companies. A local chain of Auto Dealers might be worried about getting attacked, but they are not worried about being attacked by well-funded, government-protected Nation-State Actors. The Auto Dealers are more worried about local amateurs or at worst a Cartel. Who the company thinks will attack them in large part determines how much effort, skill, time and money needs to be exhausted to perform a pentest with due diligence.

Hardening

Physical Hardware and Mobile Devices

Your physical hardware, especially mobile devices such as smartphones and company laptops, needs to be protected from attackers. It is unsafe to assume that a desktop computer in your office is safe from tampering - attackers can glean a wealth of information from a computer that does not have a screensaver. An exposed desktop shows the attacker what applications you use internally, which gives the attacker a potential vector to attack. Mobile devices need extra scrutiny since, when stolen, a laptop can be broken into over a long period of time. Even if you encrypt data, a determined attacker can spend months forcing their way in and can still get to valuable information. Some mobile hardware hardening rules to follow:

  • Encrypt your storage (TPM 2.0).
  • MFA to access the laptop.
  • Remote access and wipe capability.
  • Endpoint Protection and Monitoring software.



Network Hardening and Wifi Hardening

Company networks are typically a great way for attackers to penetrate into your environment. A compromised employee computer that shares the same network with a management interface gives the attacker an easy route to elevate their credentials and move up in your environment. You must segment your networks properly to prevent this - if there are no roads to your most valuable assets then an attacker cannot drive to them. WIFI hardening is especially important since it is surprisingly easy to bypass password-only authentication. An experienced attacker will need to make two trips to your business - under whatever pretenses they can reasonably use - one trip to scan your environment for target networks and another trip to drop active traffic, force employee devices to reconnect and in the process steal their connection's handshake. Having your WIFI set up and tested by an experienced technician can prevent misconfigurations and underconfigurations.


Separating Management Interfaces

In a typical Enterprise-grade environment, there are a variety of machines: employee machines, admin machines, servers, storage, camera systems, printers and more. There are also a variety of users: low-level users such as employees, high-level users such as Administration and C Suite, IT employees with varying levels of access, and Guests. An attacker will typically aim to compromise a high-level user with a lot of access, such as a Systems Administrator. This is often made difficult by the scrutiny that administrator accounts experience, so an attacker will need to start with a low-level employee and move up. In these instances you want to make sure that the low-level employees of your company do not have network access to the most valuable endpoints - the management interfaces. These are the interfaces that allow you to remotely control and manage your servers, network devices, cameras and storage. Having a clear separation between networks and employee duties allows a company to create an environment where a compromised low-level machine does not directly lead to a compromise of a high-level machine.


Intrusion Detection / Prevention / Logging / SIEM

Some companies, especially those that host public-facing services, are running the risk of being attacked from the Internet. If you are exposing a public IP address to the World, the whole World can see you and attack you. The simplest systems are ones that sit on your network and scan traffic for malicious patterns; these are Intrusion Detection Systems. Some systems allow you to set Rules that perform actions when triggered, such as blocking an IP that attempts to (unsuccessfully) log in to one of your public-facing accounts every two hours. This is an Intrusion Prevention System. When you combine these two systems you get an IDPS - Intrusion Detection and Prevention System.
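As an added illustration of the IPS rule described above (this is example code, not part of the original page or any product's own logic): a small Python detector that parses constructed sshd-style failed-login lines and fires on repeated failures from one source IP. It uses a burst rule for classic brute force and a slow rule with a long window, since the one-attempt-every-two-hours pattern never trips a short window. The log lines, thresholds and windows are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style syslog lines (assumed sample data, not real logs).
SAMPLE_LOG = """\
Mar 10 08:00:01 edge sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Mar 10 08:00:09 edge sshd[1203]: Failed password for root from 203.0.113.5 port 51130 ssh2
Mar 10 08:00:20 edge sshd[1205]: Failed password for root from 203.0.113.5 port 51140 ssh2
Mar 10 08:00:31 edge sshd[1207]: Failed password for root from 203.0.113.5 port 51150 ssh2
Mar 10 08:00:44 edge sshd[1209]: Failed password for root from 203.0.113.5 port 51161 ssh2
Mar 10 08:05:00 edge sshd[1213]: Failed password for alice from 198.51.100.7 port 40030 ssh2
Mar 10 08:05:03 edge sshd[1214]: Accepted password for alice from 198.51.100.7 port 40031 ssh2
Mar 10 09:30:00 edge sshd[1301]: Failed password for root from 192.0.2.9 port 3001 ssh2
Mar 10 10:30:00 edge sshd[1302]: Failed password for root from 192.0.2.9 port 3002 ssh2
Mar 10 11:30:00 edge sshd[1303]: Failed password for root from 192.0.2.9 port 3003 ssh2
"""
# Only failed logins feed the rule; successes (and unrelated lines) are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def parse_failures(text, year=2024):
    """Return (timestamp, source_ip, user) per failed line; syslog has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events

def offenders(events, threshold, window):
    """Map source IP -> time the rule first fired: `threshold` failures inside one `window`-long span."""
    by_ip = defaultdict(list)
    for ts, ip, _user in events:
        by_ip[ip].append(ts)
    fired = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            # Slide the window start forward until times[start:end+1] spans at most `window`.
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                fired[ip] = ts
                break
    return fired

# Burst rule for classic brute force; slow rule for the one-attempt-every-few-hours
# pattern that a short window would never see. Both thresholds are assumptions.
BURST = (5, timedelta(minutes=5))
SLOW = (3, timedelta(hours=24))

def block_list(text):
    """IPs an IPS would block, each with the first rule that caught it and when."""
    events = parse_failures(text)
    verdict = {}
    for name, (threshold, window) in (("burst", BURST), ("slow", SLOW)):
        for ip, when in offenders(events, threshold, window).items():
            verdict.setdefault(ip, (name, when))
    return verdict
```

Calling `block_list(SAMPLE_LOG)` flags 203.0.113.5 under the burst rule and 192.0.2.9 under the slow rule, while the single mistyped password from 198.51.100.7 is left alone.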

SIEM (Security Information and Event Management) is a more advanced and involved system. SIEM and Logging go hand in hand. A SIEM uses signatures from known threats, aggregated event log data and triggers/rules to identify unusual patterns. Much like an IPS, a SIEM can shut down connections, notify admins and perform a variety of actions such as sending suspicious traffic to a locked-down network. A SIEM pulls information from multiple sources (not just limited to network equipment), correlates it and enriches it, presenting a comprehensive view of events in your environment.


Networking

Reliable WIFI

Are you like me? Do you own a warehouse that stores exclusively refrigerators? Is all your shipment/goods scanning done on a hand-held, WIFI-connected device? Are your warehouse workers complaining of poor scanning performance and dropped signal, which is slowing down their work and creating an expensive inefficiency? No? Well neither do I. But I had a client that complained of this very issue and was tired of installing and managing multiple Wireless Access Points. The solution was to map out the dead zones in the warehouse, identify the limitations of the hand-held scanners and purchase a more advanced system that is easier to manage - a Wireless Controller and multiple WAPs from the same manufacturer. With this setup, Access Points are placed in the aisles just so, and managing them is a breeze because all Access Points report to the same Central Controller. The advanced features of the controller also allow you to separate connections automatically based on signal strength and band saturation, leading to a more seamless experience.


Resilience

Businesses today rely heavily on their IT infrastructure. A failure in the system that prevents you from receiving orders, connecting to your business-critical software or reaching your employees can be devastating. Even a few hours of downtime can cost a company deals, or millions in lost revenue. A good technician will recognize the failure points in your network and will address them with resiliency measures.

Making a network more resilient to failure involves creating redundant connections, sometimes even redundant equipment such as backup firewalls, routers and switches. You must also be able to retrieve equipment configurations easily and quickly, in order to restore downed equipment. A logging and reporting system should also be in place to notify administrators of failure or the triggering of a fail-over.


Segmentation

As mentioned above in "Separating Management Interfaces" you do not want everybody to see everybody. Your network is your own personal highway system, and you shape it. If you have a critical piece of infrastructure, you might decide to gate it off. In fact you might decide not to build a road to it at all, but instead build a secret tunnel that is only accessible from your headquarters. If anyone wants to access the infrastructure, they must first gain access to your secure headquarters and only from there would they be able to jump to their target. This is what segmentation aims to do in a network - you are separating the roads that are available. This can stop a slew of attacks, including automated ones like Worms. Segmentation allows you to be more discretionary about who can reach what in your environment.


Storage Solutions

NAS

Network Attached Storage (NAS) is the most widely used storage solution at businesses. It gives you a central storage location so employees can share files more easily. Modern NAS implementations are very advanced and allow for features that were previously only available on more advanced systems such as SANs. Building and configuring a NAS requires a lot of consideration: how much space will we need 10 years from now? Is our NAS resilient? Can it be expanded on the fly? What do we have to do to prevent the NAS from bottlenecking at the network or drive read/write level? All these questions can be answered by an experienced technician.


SAN

A Storage Area Network (SAN) is the faster, more elaborate and resilient version of a NAS. A SAN serves a different use case than a NAS - a SAN has much greater performance and scalability. Certain tasks require very low latency and extremely fast data access. Any bottlenecking or slowdowns can literally stall your operation. These problems are prevented by using dedicated equipment in a storage-only network so no other network traffic can interfere with connections to storage. All this high-speed equipment and advanced setup is very expensive and requires upkeep by an IT department, so businesses have to weigh their needs versus the cost of such a system.


Cloud

Cloud storage is quickly becoming a favorite for storing data that needs to be accessed remotely. Not all of your data needs to be in the Cloud. In fact some data should explicitly be off the Cloud, not only because it becomes expensive to constantly retrieve it but also because some data is only used locally. Implementing a Cloud Storage solution can greatly enhance your access to company data and comes with modern built-in Authentication and Authorization mechanisms.


Backups

Data backups are extremely important to the continuation of any business. Think about all the documents pertaining to your business - invoices, specifications, agreements, contracts, forms etc. Now also consider the Virtual Machines that provide you Services inside your environment - all these Virtual Machines have images that need to be snapshot and backed up in case of failure. Think of all the configuration files that run your hardware. You also must consider that storing copies of your data locally is not enough - a local hardware failure or a fire can destroy all of your data. Typically, IT departments follow the 3-2-1 Rule - this strategy states that you should have 3 copies of your data - two copies locally on different mediums (such as one copy on disk and another on tape) and a third copy off-site. Speaking from experience, companies do not put in nearly enough resources to secure their files from a disaster. Disaster Recovery in the form of backups is integral - consider having your IT department check your backups regularly. Also consider hiring a third-party to get a fresh pair of eyes on the system and confirm your backups function as intended.


Servers

Physical

Physical servers, although less popular now with the rise of virtual Cloud servers, are still integral for companies that do a lot of computing locally and host their own services. Using someone else's equipment is great when you don't want to be responsible for the equipment, but can be prohibitively expensive for certain types of computing. It's important to recognize what kind of workloads your servers will handle and choose a solution that matches your needs without breaking the bank.

Virtual

Virtual servers typically refer to either virtualized versions of servers hosted on your physical hardware, or it can refer to virtualized versions of servers hosted somewhere outside of your environment, such as with a Cloud Provider. Virtualization is the modern way of handling server infrastructure because it offers multiple benefits such as easy server backups, much easier transfer of servers and an indifference to the underlying hardware. An in-house server virtualized on company equipment can be very easily, for example, transferred to a Cloud environment. Unless your server software requires you to install on bare metal, it is always recommended to virtualize your servers.


Governance, Risk and Compliance

Audits

Audits are an effective way of gaining insight into an environment. Even if you field a competent staff and trust their judgment, problems can slip through the cracks. Having a third party evaluate your environment gives you a fresh set of eyes to confirm things you know and push back on things you might not.


Meeting Best Practices

Businesses handling sensitive information are often required, by law, to meet a set of standards to safeguard the sensitive information. In other scenarios, businesses need to establish a structure that can be adhered to and that provides a high level of privacy and security. Implementing and adhering to a pre-established set of guidelines can help businesses grow. Every business that employs more than a few employees needs to have some structure in place and Best Practices Frameworks offer just that. When considering such frameworks, it is advisable to reach out to a professional that knows how to implement these structures.

Professionals can help you stay within a legal framework and actually put safeguards in place that actively prevent breaches of the framework - for example Data Loss Prevention mechanisms, which scan outgoing company emails for sensitive data. We can also help businesses create control mechanisms that allow them to manage users and company equipment more effectively. Even if you are happy with the way your business is running, going through a Best Practices review can open your eyes to inefficiencies that you didn't even know were there.


For any questions pertaining to the services we offer, please do not hesitate to reach out to us at [email protected].