C3 Security Consulting LLC
Confidentiality
Integrety
Availability		 company banner
HomeSecurityServicesVistaInformationCompany
  
floating layer default test box
Services
Active Directory
Deployment and
Upgrades
Servers
Remote Access
On this page:
High Availability
NAT
Proxy Server
ISA
DNS
DHCP
Related Links
Wireless LAN resources for Linux
Zone Alarm Internet Security Suite.
Who better than the NSA for advice?
A little known resource, the NSA offers may guides on a range of topics.
Linux Devices
To see a range of devices that run on Linux look at www.linuxdevices.com.
Microsoft Shadow Copy
Microsoft Windows Server 2003 includes Shadow Copies of Shared Folders to help prevent inadvertent loss of data.
linux-wlan project
The goal of the linux-wlan project is to develop a complete, standards based, wireless LAN system using the GNU/Linux operating system.

Server Consolidation

Print view

Today's servers have far more storage capacity, memory and computational power than ever before. If you have not already done so, you should consider upgrading to Windows 2003 Server and consolidating your machines. With a reduction in hardware footprint, improved security, support for modern technologies, higher integration, and lower maintenance and administration costs, a sort term RIO is readily justified. .

At C3SC we can help you with the initial appraisal, justification, and implementation of both software and hardware upgrades.

However, if you do not yet have the need for dedicated devices, a more integrated and economical recommendation is Microsoft's Small Business Server. Designed to meet the needs of smaller and growing businesses, it integrates many of the basic business tools into a single package.

At C3SC we will help you assess your current environment and provide recommendations for an appropriate solution.

High Availability Systems

If you are running critical applications and services, creating a highly available server platform is key. By implementing server clusters single points of failure can be reduced or even eliminated. However, frequently the applications need to know they are running on clustered machines, and have the necessary functionality to make efficient use of this feature. A good example are database applications. Unless transactions are performed in "logical units of work", tables may become out of sync during a fail-over.

Along with improved service availability, a well architected server cluster can also benefit from load balancing. Spreading the processing across two or more machines can give a significant performance boost.

Talk to C3SC to understand more about this option and how your environment would benefit from clustered servers.

NAT

If you have a significant number of people who need concurrent access to the internet, purchasing public IP addresses for each of them may be cost prohibitive. An efficient alternative is implementing a Network Address Translation service. A NAT system allows many users to effectively share the same public address. However, as with other services mentioned here, some applications will either not work at all or need extensive configuring.

At C3SC we have experience with NAT services. Additionally, NAT services can be integrated with other internet services, such as firewalls and VPNs. We will develop the most economical and efficient model for your environment without sacrificing security.

Proxy Server

A Proxy Server can best be described as a gateway to the internet. It reduces your surface area to attack, provides enhanced security and can cache information, reducing the amount of traffic transferred over the Internet connection and improving perceived link performance.

C3SC will install the service and configure servers and desktops alike to use this access portal.

ISA

In the previous paragraphs we outlined some of the services that can be implemented to protect your network from outside attack. What should also be made clear is the level of integration that can exist between these services. Microsofts' Internet Security and Acceleration server brings them all together and is fully integrated with Active Directory.

C3SC will plan the implementation of ISA for your network.

DNS

"A service to translate human readable machine names into machine accessible IP addresses".

Another way to tighten the security of your network infrastructure is to bring your primary DNS server into your organization. It is possible for a hacker to substitute alternative IP addresses in a public DNS. This would redirect a user to a different site that could be posing as the original site. This can be the platform for a phising attack, and users could be tricked into supplying confidential information.

By installing a DNS server within your organization, you can redirect your clients to reference your own machine, and not a public one.

If your network is expanding and you are still using NetBIOS and WINS for name resolution, you will begin to encounter problems in a routed network. Switching to DNS will negate these issues and will scale for future growth.

C3SC will:

  • design your Namespace
  • configure your zone replication
  • integrate it with Active Directory, Linux systems, and WINS as appropriate
  • build and install the DNS server together with any necessary relay agents
  • create a fault tolerant system
  • assist in the integration it with third party systems

DHCP

"A service to dynamically distribute and manage IP addresses to client machines".

If you are still using static IP addresses you will already have encountered the administration problems of maintaining that environment. Aside from the time consuming task, manually entering IP addresses will be subject to human error and can be tricky to accurately diagnose.

C3SC will:

  • create a DHCP topology, accounting for technical, geographical, political, or business boundaries
  • plan and execute the deployment
  • integrate the DHCP servers with your existing network systems
  • provide for a secure and fault tolerant system
▲Top of page
Did you know?
Spam problems?
Microsoft filters out over three billion spam messages a day.
Email is a hackers gateway to your network.
Make sure you have adequately trained your employees in good email hygiene to reduce virus attacks.
Wireless networks are more vulnerable to hackers - so they need additional protection.
Encryption technologies such as Wi-Fi Protected Access can help. Although there are weaknesses with WEP, some legacy systems do not support more modern protocols like WPA, and so WEP is still better than nothing and will deter most casual eavesdropping.
Almost half of all companies surveyed spend less than 2% of their IT budget on security.
And of that figure, 40% spent less than 1% citing the engagement of senior management as a significant obstacle.
Need to grant admin access for a single app to a specific user or group?
Don't just give out root. Use Sudo to define and control admin access to all resources - and you are the admin, do the same thing for yourself. You will be much less likely to step on yourself.
Trademarks© Copyright (2006) C3 Security Consulting LLC, Washington DC. (+1 866 799 2969) - Hosted by Webmasters.com