Security structures: firewalls, encryption, backups

Software and hardware solutions to protect your network, your servers and your sensitive data



Firewalls

Software and hardware solutions to protect your network and your servers.
All the solutions are based on dedicated hardware, available in different formats to cover specific needs:

  • home and small offices
  • large offices
  • branch offices
  • servers

Every hardware component can be replaced or extended in case of failure or when more resources are needed.
Each firewall can be equipped with redundant disks and network cards to improve business continuity.
Two firewalls can be combined to guarantee high availability in critical conditions.
See the complete range of hardware solutions on the MiniServer website, a vendor that we suggest.

The software solutions are all open source: OPNsense, pfSense and Zeroshell. They support all the open network standards and guarantee interoperability with other vendors.
The configuration of the entire firewall can be saved automatically to a remote Nextcloud server installed on a DigitalOcean virtual machine, so that in case of disaster a new firewall can be installed without recreating the configuration from scratch.

VPN

Virtual Private Network solutions to access a remote network securely or to connect two or more branch offices over an encrypted connection.
A VPN can be implemented using IPsec, OpenVPN and WireGuard software and allows single computers, tablets or smartphones to connect to a protected network through an encrypted channel and to use the remote resources seamlessly, as if they were physically connected to the same network.
This technology allows remote access to and control of every device connected to the network, using any available protocol.
A VPN also makes it possible to connect two or more branch offices, allowing them to work on the same servers in a transparent way.
VPNs are usually implemented together with a firewall, but they can also be implemented separately and independently.

Data encryption

Open source solutions to encrypt and protect sensitive data on servers, computers, tablets and smartphones.
Data encryption guarantees privacy protection even in case of a system breach or when a device is lost or compromised.
Many solutions are available for Linux desktops:

  • full disk encryption: a password is required to decrypt and access the data contained on the disk and to start the operating system
  • encryption of the user's data: this is completely transparent to the user; when the user logs in to the computer, the data is automatically decrypted

VeraCrypt is another solution. It creates encrypted virtual disks that can also be transferred to a USB memory stick and used by different operating systems.

Other custom solutions can be implemented using symmetric and asymmetric algorithms and open source libraries to protect single files, and can be integrated into custom designed and developed software.

The privacy and authenticity of emails can be guaranteed by using GPG and integrating it with the email client software (we suggest Mozilla Thunderbird with the Enigmail plugin): only the owner of the private key and password can read emails that have previously been encrypted with the owner's public key.

Backup

Having an automatic, efficient and easily accessible backup of your data is mandatory. Different software and hardware solutions are available to cover every need.
To guarantee maximum reliability, backups should be kept in different physical locations, and to preserve privacy the backup should be encrypted.

Software solutions like rsync and rsnapshot store a copy of the desired files on a different storage device and keep track of the changes, making it possible to restore a specific version of the data from a given point in time.

Borg Backup is a complete backup solution for Linux and Mac that can back up not only directories and files but also entire disks. Borg uses storage space efficiently by compressing and deduplicating the data, and encrypts it to protect privacy.
Duplicati is another powerful open source, cross-platform backup solution for Linux, Windows and Mac.
Borg and Duplicati can also be integrated with a cloud storage service like Backblaze to have a backup repository outside the office that is accessible from everywhere.

For simpler needs, a backup based on S3 cloud storage can be implemented using s3cmd, which keeps local directories in sync with an online cloud storage service and preserves privacy by encrypting the files.

NAS servers are a valid backup solution for offices. Synology offers a wide range of NAS devices that can be used in small and medium offices and up to enterprise environments. For a small to medium office, for example, the Synology DS718+ is a very powerful solution.
For custom solutions and large environments, FreeNAS is an open source solution based on the FreeBSD operating system that can also be installed on your own hardware.
Alternatively, OpenMediaVault is open source software that can be installed on any hardware supported by Debian Linux and on custom hardware, perfect for small and medium offices.

Projects