Security structures: firewalls, encryption, backups

Software and hardware solutions to protect your network, your servers and your sensible data

FIREWALLS

Software and hardware solutions to protect your network and your servers. All the solutions are based on dedicated hardware available in different formats to cover the specific needs :

  • home and small offices
  • large offices
  • branch offices
  • servers

Every component of the hardware can be replaced and extended in case of failure or if more resources are necessary. Each firewall can be equipped with redundant disks and network cards to improve business continuity. Two firewalls can be combined to guarantee high availability in critical conditions. See the complete hardware solutions available at the MiniServer website, a vendor that we suggest.

The software solutions are all open source: OpnSense, PfSense, and Zeroshell, and support all the network open standards and guarantee interoperability with other vendors. The configuration of the entire firewall can be automatically saved to a remote NextCloud server installed on a DigitalOcean virtual machine and in case of disaster, a new firewall can be installed without the need to recreate it from scratch.

VPN

Virtual Private Network solutions to access a remote network securely or to connect two or more office branches with an encrypted connection. A VPN can be implemented using IPSec, OpenVPN, and WireGuard software and allow single computers, tablets, or smartphones to connect to a protected network through an encrypted channel and to use the remote resources seamlessly as they would be physically connected to the same network. This technology allows to access and control remotely every device connected to the network with every protocol available. A VPN permits also connecting two or more branch offices allowing them to work on the same servers transparently. The VPN usually are implemented in a structure with a firewall but can be also implemented separately and independently.

DATA ENCRYPTION

Open source solutions to encrypt and protect sensitive data on servers, computers, tablets, and smartphones. Data encryption guarantees privacy protection also in case of a system breach or when a device is lost or compromised. Many solutions are available for Linux desktops :

  • full disk encryption: a password is required to decrypt and access the data contained on the disk and to start the operating system
  • encryption of the user’s data: this is completely transparent to the user when he logs into his computer his data are automatically decrypted

VeraCrypt is another solution that permits the creation of encrypted virtual disks that can be transferred also on a USB memory and that can be used by different operating systems.

Other custom solutions can be implemented using symmetric and asymmetric algorithms and open source libraries to protect single files and can be integrated into custom-designed and developed software.

The privacy and authenticity of the emails can be guaranteed using GPG and integrating it with the email client software (we suggest Mozilla Thunderbird with Enigma plugin): only the owner of the private key and password can read the emails that have been previously encrypted with his public key.

BACKUP

Having an automatic, efficient, and easily accessible backup of your data is mandatory. Different software and hardware solutions are available to cover every need. To guarantee maximum reliability different physical backup locations should be implemented. And to preserve privacy the backup should be encrypted.

Software solutions like rsync and rsnapshot permit to store a copy of the desired files on different storage and keep track of the changes allowing to restore a specific version of the data in time.

Borg Backup is a complete backup solution for Linux and Mac that allows backup not only directories and files but also entire disks.

Borg efficiently uses the storage space compressing, deduplicating the data, and encrypting them to protect privacy. Duplicati is another powerful open source and cross-platform backup solution for Linux, Windows, and Mac. It is possible to integrate Borg and Duplicati also with a cloud storage service like BlackBlaze to have a backup storage repository outside the office and accessible from everywhere.

For more simple needs a backup based on S3 cloud storage can be implemented using s3cmd that permits to keep in sync local directories with online cloud storage and to preserve privacy with the encryption of the files.

A valid backup solution for offices is the NAS servers. Synology offers a wide range of NAS devices that can be used both in small, medium offices up to enterprise environments. For a small-medium office, for example, Synology DS718+ is a very powerful solution. For custom solutions and large environments, FreeNAS is an open-source solution based on FreeBSD operating system that can be also installed on its hardware. Alternatively, OpenMediaVault is open-source software that can be installed on every hardware supported by Debian Linux and custom hardware, perfect for small and medium offices.

Projects
Firewall, VPN and server farm network
Firewall, VPN and server farm network
Firewalls, VPN and content filtering
Firewalls, VPN and content filtering
VPS servers, Firewall and VPN
VPS servers, Firewall and VPN
Recommended tools
ClouDNS

DNS hosting, monitoring and failover. DDOS protection
Contabo

Cloud VPS, Cloud VDS, Bare Metal, Object Storage
Miniserver

Firewall, NAS and appliance
OPNsense

Firewall, IDS, VPN
Tuxedo Computers

Linux notebooks, desktop and mini pc