Due to modern IT systems' complexity, preventing abuse or ensuring information privacy is becoming increasingly more difficult, and in many cases impossible. Zero-day (i.e. previously unknown) software vulnerabilities are commonly found in all types of computer systems, with no way of knowing if anyone has already been exploiting them. Together with rapid digitalization of everyday activities and decreasing hardware storage reliability, the dangers of data loss and information leaks are severe.
KoMnA can help minimize such threats, providing the following services:
Risk assessment and incident analysis.
Network design, setup and maintenance, including firewalls and server infrastructure.
Data integrity and communication security via encryption, signatures and time stamping.
System administration for Unix (OpenBSD, Linux, Solaris) and Windows servers.
The correct approach to protecting a computer network starts with risk assessment and finding appropriate methods of prevention. Based on the information acquired, a company-wide security policy is laid out and applied to all elements of all networks.
This requires extensive knowledge of various hardware and software products, information systems and networking protocols, as well as experience with user behavior. KoMnA has the know-how to properly address security issues and manage (or participate in) security projects according to clients' needs.
Proactive security (in the broader sense) consists of all methods used to prevent security incidents. This includes network access control management, antivirus and harmful software detection tools, proper server and firewall configuration, regular maintenance and security upgrades for all computer systems, and other such measures.
Wherever possible, KoMnA follows real proactive security approach, that has proven to be extremely effective even against yet unforeseen threats. We try to assume every element (such as a computer or a specific service) to be already under attacker's control and then minimize the damage it can cause to the rest of the network. To achieve this, we implement such measures as running server software in chroot jails and privilege separated, installing each server system in its own demilitarized zone, segmenting networks into smallest possible subnets, etc.
We are well aware that, for some organizations, a comprehensive approach as described can be a significant investment. Furthermore, it is usually difficult to find the proper balance between security, productivity, and user convenience. We want to stress, however, that even low-cost and imperfect measures can significantly reduce most of the risks.
Security and data data integrity incidents — from storage device failures to network breaches — require appropriate reaction that was carefully planned in advance. Prompt response and correct disaster recovery are necessary with any business where damage depends on system downtime duration. If information access control is a priority, however, systems may need to remain offline until after the incident has been fully investigated.
In any case, a well-thought-out and properly implemented backup process is of vital importance, as are the regular integrity checks of backup archives. Both should be automated as much as possible.
KoMnA offers advanced backup servers, providing real-time data protection through mirroring and database replication, as well as regular system images which include recovery instructions or automated restoration scripts. An equvalent backup process can be provided (if not already included) for most of our own servers and information systems.
Perhaps KoMnA can help your organization, too. Contact us to directly consult our developers and system administrators.