Cybersecurity has become more important than ever. With the massive attack ad breach of 18,000 US companies, organizations and government agencies. How can small business stand a chance? Vontainment incorporates enterprise and military grade security in all our projects. We build high secure networks, websites, servers, cloud services and more. How do we bring this high level of security at a price a small business can afford? We employ the work of the open source community. Brilliant programmers from around the globe working together on building free open source solutions that can match if not regularly beat commercial options.
What Is Open Source? Why Is It Key To Cyber Security?
Open Source means free software that publicly displays and makes available the source code. Anyone can take the code and help progress the software or give it their own spin. It also means we can all see any vulnerabilities, backdoors, malware or other problems. Open Source software is globally vetted by its use base, meaning you know it’s safe. Some of the most know software is open source.
WordPress: It makes up almost 40% of all websites.
VLC Player: Most popular video player.
Openssh: Basically it’s on almost every server globally since 1999.
Linux: The operating system that runs most servers and who Android, iOS and Mac OS are built from.
PHP: PHP is used by 78.9% of all websites with a known server-side programming language. So almost 8 out of every 10 websites that you visit on the Internet are using PHP in some way.
Chrome and Firefox: Together these open source browsers make up 95% of browser usage.
Websites, Ecommerce And cloud Services Security
Your digital world is under attack at all time. Any server or service exposed to the internet is pinged, probed and tested by “bots”. We know that even Port Charlotte, Punta Gorda North Port, Sarasota, Fort Myers and Cape Coral small businesses are just as vulnerable as NYC mega corps. We take steps to ensure you are not an easy target.
All our websites feature multi layered security. We employ 3 firewalls for powerful defense. At the server level we use IPtables the standard in Linux security only allowing the minimal ports needed to supply services open. The second at the network level used to block access to ports running administration services to all but whitelisted IPs. We use Cloudflare in front of every site to filter bad traffic and bots. Cloudflare also allows us to block access by continent and country; keeping overseas cyberattackers away when applicable. As well as enabling Quic protocol and other site accelerating features. When a clients need and business practices requires their access, we can apply a white or black list to the services but country instead. Only allowing American traffic to admin pages or blocking a problem county.
We also employ fail2ban on all servers. This application watches firewall logs for repeated failed login attempts to all running services and bands the IP for an extended time. We use ed25519 elliptical cryptography keys instead of passwords wherever possible.
With Russia and China being the main sources of cyberattacks; usually in the form of “bots” that test servers and websites for weaknesses. We have the option of blocking all traffic from one or both countries IP ranges. Though it’s entirely dependent on a business to business case as some clients may need access option to one or both countries. We also employ a crowdsourced IP ban lists that auto updates with the IPs of current now attacks. As mentioned above most administration is locked to our IP addresses. If a client who has a more hands-on approach or mattering on the type of service provided needs partial or full access to these areas we are happy to get you set up.
Powerful Cyber Security
At the website level we employ a WAF or web application firewall. It is called into action on every page load that is not static HTML. It filters a long list of attacks, blocks access to anyone trying to log in to the admin repeatedly, Also scans the websites frameworks files and compares them byte for byte to the official repository to make sure no core file have been altered by hackers, as well as scanning all other files for malicious code.
Our remote servers periodically scan all clients servers for malware and because we can’t claim 100% unbeatable security (no one can) all websites are backed up daily both to the local server and remotely to ours. We keep a rotating 5 days of backups. If you run on Digital Oceans we also back up the server fully daily at midnight and keep a rotating 3 backups. We can redeploy a hacked site in under 5 minutes.
When We set up cloud services we only use the most secure and trusted frameworks and employ the appropriate defenses mentioned above based on the service, location and type. We have so far not had a single client hacked in our 20 years of web design, and in the last 10 years of network and cloud services we have not yet had a breach in our security.
Servers, Data And Preventing Cyber Attacks
Our recommended host for websites and cloud services not located on premise is Digital Ocean. For web design clients who use our suggested host and technologies. We set up web servers on Digital Ocean capable of 500k to 750k if visitors over the course of a day with no issue. These servers run all open source software. The key components MySQL, PHP and Apache web server. We hide these behind a Nginx reverse proxy. This allows us to make the backend services such as PHP, MySQL, Redis and others only available through Unix Sockets vs TCP ports. (TCP is internet ports leaving just your firewall for defense, Unix sockets can only be connected to by the host computer. They are also 20% faster.)
The Most Trusted Software
The Nginx reverse proxy is a powerful tool not only in cybersecurity but in making your site lighting fast. Unlike normal where websites dynamically rebuild each page loads. Nginx server static content to areas not changed. It’s able to do as much for page speed as it is security. It blocks access to files that contain sensitive information or could be used to attack.
End To End Encryption
All our sites, applications or servers employ top end-to-end encryption. Either your data goes where it was meant to or someone will just see gibberish. We use Linux user account and file permissions to appropriately keep you safe. This usually allows for a safer experience. It also prevents any possible hackers gaining access.
We use 3 layers of backups for redundancy meaning we can have you back up in a few minutes with minimal data loss. We only use secure encrypted versions of protocols like SFTP or ftps (yes two different things) The email software we use its protected from spammer access with rate limits found appropriate for your usage. For mail servers that handle both sending and receiving of mail@yourdomain we only have encrypted ports available as to not risk passwords over plain text. We also use new mail DNS to prevent spoofing by spammers. DMARC passes or fails a message based on whether the message’s From: header matches the sending domain, when SPF or DKIM checks the message.
Networking, Computers, And Other Services At Your Location
We always build secure systems and networks. Using advanced firewalls to protect internal networks as well as intrusion detection and only allowing external access to local services remotely by way of reverse proxy.
A reverse proxy is a server that fetches requests from local services and delivers them to users at remote locations with end-to-end encryption, powerful authentication and dedication to security. The proxy acts as a gateway for remote users to access local services on a network. With only one point of entry we are able to beef up the security at that point making anyone who wants access who is unauthorized having to work very hard to get anywhere. Since a proxy is not interacted with like a workstation, reading emails or surfing the web its low risk for malware that could bypass security.
We try to avoid VNC and other remote desktops and VPN (virtual private networks) like OpenVPN and IPsec. These are frequently targeted as weak points. Though they are needed under some circumstances. If they are, we employ them in advanced and secure methods. We only use WireGuard VPN as it is fast, secure, open source and is only 40k lines of code vs OpenVPN millions. We protect remote desktop services with WireGuard or reverse proxies to make sure there is a secure gateway between computers and the internet.
Our Core Values Are Security Oriented
You can feel safe with us! We follow every rule and guideline for security as well as going above and beyond. We employ the best security as well as making it transparent, automatic and affectless of your user experience. Furthermore, we stay ahead of our competition using the newest tech. We take your security serious and don’t let our pride cause disaster. We can’t say that our services provide hacker proof 100% secure systems. No one can, as good as We are We know there is someone better. What we can guarantee is our best work.
Cybersecurity is at the core of our business. We specialize in open source software, modern tech, fast optimized code, standards compliant work and in that you can make a statement without going over the top. That is why our designs are minimalistic but eye catching. Our core philosophies don’t make our work hack proof, but they do lower the attack surface.
Our security measures are best when projects are done with our recommended software, hosts, and 3rd party services. Though we understand that you may know what you want, and it may not fit our recommendations. We will always work hard to keep your secure and yet create your desired project. So if you’re looking to get a new website, cloud application or looking for cybersecurity consulting, please give Us a call!!
Are you interested in getting a personalized quote on the services you desire or in setting up a free meeting to discuss your needs and options?