Cybersecurity has become more important than ever. With the massive attack ad breach of 18,000 US companies, organizations, and government agencies. How can a small business stand a chance? Vontainment incorporates enterprise and military-grade security in all our projects. We build highly secure networks, websites, servers, cloud services, and more. How do we bring this high level of security at a price a small business can afford? We employ the work of the open-source community. Brilliant programmers from around the globe work together on building free open source solutions. These solutions can match if not regularly beat commercial options.
Open Source means free software that publicly displays and makes available the source code. Anyone can take the code and help progress the software or give it their own spin. It also means we can all see any vulnerabilities, backdoors, malware, or other problems. Open Source software is globally vetted by its user base, meaning you know it’s safe. Some of the most know software is open source.
WordPress: It makes up almost 40% of all websites.
VLC Player: Most popular video player.
Openssh: Basically it’s been on almost every server globally since 1999.
Linux: The operating system that runs most servers and which Android, iOS, and Mac OS are built from.
PHP: PHP is used by 78.9% of all websites with a known server-side programming language. So almost 8 out of every 10 websites that you visit on the Internet are using PHP in some way.
Chrome and Firefox: Together these open-source browsers make up 95% of browser usage.
Websites, Ecommerce And cloud Services Security
Your digital world is under attack at all times. Any server or service exposed to the internet is pinged, probed, and tested by “bots”. We know that even Port Charlotte, Punta Gorda North Port, Sarasota, Fort Myers, and Cape Coral small businesses are just as vulnerable as NYC megacorps. We take steps to ensure you are not an easy target.
All our websites feature multi-layered security. We employ 3 firewalls for powerful defense. At the server level, we use IPtables the standard in Linux security only allowing the minimal ports needed to supply services open. The second at the network level is used to block access to ports running administration services to all but whitelisted IPs. We use Cloudflare in front of every site to filter bad traffic and bots. Cloudflare also allows us to block access by continent and country; keeping overseas cyberattacks away when applicable. As well as enabling Quic protocol and other site accelerating features. When a client’s need and business practices require their access, we can apply a white or blacklist to the services but country instead. Only allowing American traffic to admin pages or blocking a problem county.
We also employ fail2ban on all servers. This application watches firewall logs for repeated failed login attempts to all running services and bands the IP for an extended time. We use ed25519 elliptical cryptography keys instead of passwords wherever possible.
Russia and China are the main sources of cyberattacks; usually in the form of “bots” that test servers and websites for weaknesses. We have the option of blocking all traffic from one or both countries’ IP ranges. Though it’s entirely dependent on a business-to-business case as some clients may need access options to one or both countries. We also employ crowdsourced IP ban lists that auto-update with the IPs of current now attacks. As mentioned above most administration is locked to our IP addresses. If a client who has a more hands-on approach or matters on the type of service provided needs partial or full access to these areas we are happy to get you set up.
At the website level, we employ a WAF or web application firewall. It is called into action on every page load that is not static HTML. It filters a long list of attacks, blocks access to anyone trying to log in to the admin repeatedly, Also scans the websites frameworks files and compares them byte for a byte to the official repository to make sure no core file has been altered by hackers, as well as scanning all other files for malicious code.
Our remote servers periodically scan all client’s servers for malware and because we can’t claim 100% unbeatable security (no one can) all websites are backed up daily both to the local server and remotely to ours. We keep a rotating 5 days of backups. If you run on Digital Oceans we also back up the server fully daily at midnight and keep rotating 3 backups. We can redeploy a hacked site in under 5 minutes.
When We set up cloud services we only use the most secure and trusted frameworks and employ the appropriate defenses mentioned above based on the service, location, and type. We have so far not had a single client hacked in our 20 years of web design, and in the last 10 years of network and cloud services we have not yet had a breach in our security.
Servers, Data And Preventing Cyber Attacks
Our recommended host for websites and cloud services not located on-premise is Digital Ocean. For web design clients who use our suggested host and technologies. We set up web servers on Digital Ocean capable of 500k to 750k visitors over the course of a day with no issue. These servers run all open-source software. The key components are MySQL, PHP, and Apache webserver. We hide these behind an Nginx reverse proxy. This allows us to make the backend services such as PHP, MySQL, Redis, and others only available through Unix Sockets vs TCP ports. (TCP is internet ports leaving just your firewall for defense, Unix sockets can only be connected to by the host computer. They are also 20% faster.)
The Most Trusted Software
The Nginx reverse proxy is a powerful tool not only in cybersecurity but in making your site lighting fast. Unlike normal where websites dynamically rebuild each page loads. Nginx server static content to areas not changed. It’s able to do as much for page speed as it is for security. It blocks access to files that contain sensitive information or could be used to attack.
End To End Encryption
All our sites, applications, and servers employ top end-to-end encryption. Either your data go where it was meant to or someone will just see gibberish. We use Linux user accounts and file permissions to appropriately keep you safe. This usually allows for a safer experience. It also prevents any possible hackers from gaining access.
We use 3 layers of backups for redundancy meaning we can have you back up in a few minutes with minimal data loss. Backups are as important to cybersecurity as prevention. We only use secure encrypted versions of protocols like SFTP or ftps (yes two different things) The email software we use is protected from spammer access with rate limits found appropriate for your usage. For mail servers that handle both sending and receiving of mail@yourdomain we only have encrypted ports available as to not risk passwords over plain text. We also use new mail DNS to prevent spoofing by spammers. DMARC passes or fails a message based on whether the message’s From header matches the sending domain when SPF or DKIM checks the message.
Networking, Computers, And Other Services At Your Location
We always build secure systems and networks. Using advanced firewalls to protect internal networks as well as intrusion detection and only allowing external access to local services remotely by way of a reverse proxy.
A reverse proxy is a server that fetches requests from local services and delivers them to users at remote locations with end-to-end encryption, powerful authentication, and dedication to security. The proxy acts as a gateway for remote users to access local services on a network. With only one point of entry, we are able to beef up the security at that point making anyone who wants access who is unauthorized have to work very hard to get anywhere. Since a proxy is not interacted with like a workstation, reading emails, or surfing the web it’s low risk for malware that could bypass security.
We try to avoid VNC and other remote desktops and VPN (virtual private networks) like OpenVPN and IPsec. These are frequently targeted as weak points. Though they are needed under some circumstances. If they are, we employ them in advanced and secure methods. We only use WireGuard VPN as it is fast, secure & open-source. Built with only 40k lines of code vs OpenVPN millions. Protect remote services with WireGuard or reverse proxies. Make sure there is a secure gateway between computers and the internet.
Our Core Values Are Cybersecurity Oriented
You can feel safe with us! We follow every rule and guideline for security as well as going above and beyond. We employ the best security as well as making it transparent, automatic, and affectless of your user experience. Furthermore, we stay ahead of our competition using the newest tech. We take your security seriously and don’t let our pride cause disaster. We can’t say that our services provide hacker-proof 100% secure systems. No one can, as good as We are We know there is someone better. What we can guarantee is our best work.
Cybersecurity is at the core of our business. We specialize in open-source software, modern tech, fast optimized code, standards-compliant work, and in that you can make a statement without going over the top. That is why our designs are minimalistic but eye-catching. Our core philosophies don’t make our work hackproof, but they do lower the attack surface.
Our security measures are best when projects are done with our recommended software, hosts, and 3rd party services. Though we understand that you may know what you want, it may not fit our recommendations. We will always work hard to keep you secure and yet create your desired project. So if you’re looking to get a new website, cloud application, or looking for cybersecurity consulting, please give Us a call!!