Cyber security has become more important than ever. With the massive attack ad breach of 18,000 US companies, organizations and government agencies.How can small business stand a chance? Vontainment incorporates enterprise and military grade security in all our projects. We build high secure networks, websites, servers, cloud services and more. How to we bring this high level of security at a price small business can afford? We employ the work of the open source community. Brilliant programmers from around the globe working together on building free open source solutions that can match if not regularly beat commercial options.
What Is Open Source? Why Is It Key To Cyber Security?
Open Source means free software that publicly displays and makes available the source code. anyone can take the code and help progress the software or give it their own spin. It also means we can all see any vulnerabilities, backdoors, malware or other problems. Open Source software is globally vetted by it’s use base, meaning you know its safe. Some of the most know software is open source.
WordPress: It makes up almost 40% of all websites.
VLC Player: Most popular video player.
Openssh: Basically it’s on almost every server globally since 1999.
Linux: The operating system that runs most servers and who Android, iOS and Mac OS are built from.
PHP: PHP is used by 78.9% of all websites with a known server-side programming language. So almost 8 out of every 10 websites that you visit on the Internet are using PHP in some way.
Chrome and Firefox: Together these open source browsers make up 95% of browser usage.
Websites, Ecommerce And cloud Services Security
All our websites feature multi layered security. We employ 2 firewalls for powerful defence. At the server level we use IPtables the standard in Linux security only allowing the minimal ports needed to supply services open. The second at the network level used to block access to ports running administration services to all but whitelisted IPs. We use Cloudflare in front of every site to filter bad traffic and bots. As well as enabling Quic protocol and other site accelerating features.
We also employ fail2ban on all servers. This application watches firewall logs for repeated failed login attempts to all running services and bands the IP for an extended time. We use ed25519 elliptical cryptography keys instead of passwords wherever possible.
With Russia and China being the main sources of cyber attacks; usually in the form of “bots” that test servers and websites for weaknesses. We have the option of blocking all traffic from one or both countries IP ranges. Though is is entirely dependant on a business to business case as some clients may need access option to one or both countries. We also employ a croudsorces IP bad list that auto updates with the ips of current know attacks. As mentioned above most administration is locked to Our ip addresses, under some circumstances clients who have a more hands on approach or mattering on the type of service provided may need partial or full access to these areas. When a clients needs and business practices requires thier access, we can apply a white or black list to the services but Country instead. Only allowing American traffic to admin pages or blocking a problem county.
Powerful Cyber Security
At the web site level we employ a WAF or web application firewall. It is called into action on every page load that is not static html. It filters a long list of attacks, blocks access to anyone trying to log in to the admin repeatedly, Also scans the websites frameworks files and compares them byte for byte to the official repository to make sure no core file have been altered by hackers, as well as scanning all other files for malicious code.
Our remote servers periodically scan all clients servers for malware and because we can’t claim 100% unbeatable security (no one can) all websites are backed up daily both to the local server and remotely to ours. We keep a rotating 5 days of backups. If you run on Digital Oceans we also backup the server fully daily at midnight and keep a rotating 3 backups. We can redeploy a hacked site in under 5 minuets.
When We set up cloud services we only use the most secure and trusted frameworks and employ the appropriate defences mentioned above based on the service, location and type. We have so far not had a single client hacked in our 20 years of web design, and in the last 10 years of network and cloud services we have not yet had a breach in our security.
Servers, Data And Preventing Cyber Attacks
Our recommended host for websites and cloud services not located on premise is Digital Ocean. For web design clients who use our suggested host and technologies. We setup web servers on Digital Ocean capable of 500k to 750k if visitors over the course of a day with no issue. These servers run all open source software. The key components MySQL, PHP and Apache web server. We hide these behind an Nginx reverse proxy. This allows us to make the backend services such as PHP, Mysql, Redis and others only available through Unix Sockets vs TCP ports. (TCP is internet ports leaving just your firewall for defence, Unix sockets can only be connected to by the host computer. They are also 20% faster.)
The Most Trusted Software
The Nginx reverse proxy is a powerful tool not only in cyber security but in making your site lighting fast. Unlike normal where websites dynamically rebuild the each page loads. Nginx server static content to areas not changed. Its able to do as much for page speed as it is security. It blocks access to files that contain sensitive information or could be used to attack.
End To End Encryption
All our sites, applications or servers employ top end to end encryption. Either your data goes where it was meant to or someone will just see gibberish. We use linux user account and file permissions to appropriately keep you safe. This usually allows for a safer experience. It also prevents any possible hackers gaining access.
We use 3 layed backups for redundancy meaning we can have you back up in a few minutes with minimal data loss. We only use secure encrypted versions of protocols like sftp or ftps (yes two different things) The email software we use is is protected from spammer access with rate limits found appropriate for your usage. For mail servers that handle both sending and receiving of mail@yourdomain we only have encrypted ports available as to not risk passwords over plain text. We also use new mail DNS to prevent spoofing by spammers. DMARC passes or fails a message based on whether the message’s From: header matches the sending domain, when SPF or DKIM checks the message.
Networking, Computers, And Other Services At Your Location
We always build secure systems and networks. Using advanced firewalls to protect internal networks as well as intrusion detection and only allowing external access to local services remotely by way of reverse proxy.
A reverse proxy is a server that fetches requests from local services and delivers them to users at remote locations with end-to-end encryption, powerful authentication and dedication to security. The proxy acts as a gateway for remote users to access local services on a network. with only one point of entry we are able to beef up the security at that point making anyone who wants access who is unauthorized having to work very hard to get anywhere. Sice a proxy is not interacted with like a workstation, reading emails or surfing the web its low risk for malware that could bypass security.
We try to avoid VNC and other remote desktops and VPN (virtual private networks) like OpenVPN and IPsec. These are frequently targeted as weak points. Though they are needed under some circumstances. If they are we employ them in advanced and secure methods. We only use Wireguard VPN as it is fast, secure, open source and is only 40k lines of code vs OpenVPNs millions. We protect remote desktop services with wireguard or reverse proxies to make sure there is a secure gateway between computers and the internet.
Our Core Values Are Security Oriented
You can feel safe with us! We follow every rule and guideline for security as well as going above and beyond. We employ the best security as well as making it transparent, automatic and effectless of you user experience. We stay ahead of our competition using the newest tech. We take your security serious and don’t let our pride cause disaster. We can’t say that our services provide hackerproof 100% secure systems. No one can, as good as We are We know there is someone better. What we can guarantee is our best work.
Cyber Security is at the core of our business. We specialise in open source software, modern tech, fast optimised code, standards compliant work and in that you can make a statement without going over the top. That is why our designs are minimalistic but eye catching. Our core philosophies don’t make our work hack proof but they do lower the attack surface.
Our security measures are best when projects are done with our recommended software, hosts, and 3rd party services. Though we understand that you may know what you want and it may not fit our recommendations. We will always work hard to keep your secure and yet create your desired project. So if your looking to get a new website, cloud application or looking for cyber security consulting, please give Us a call!!
Are you interested in getting a personalised quote on the services you desire or in setting up a free meeting to discuss your needs and options?