Infrastructure- and Perimeter-Security

Infrastructure and perimeter security – The corporate firewall.

Rapid digitalisation and the modern workplace are placing IT under a lot of pressure and new tools are changing the way we work.  Your employees want to be able to work from anywhere and still be able to access corporate data, but at the same time, hackers are becoming far more sophisticated with over a dozen groups operating in Germany, offering Crimes-as-a-Service on the dark net. In 2018 alone, over 270,000 cybercrimes were committed.

As reported by the German Federal Criminal Police, this figure is on the rise with most companies faced with the huge challenge of tackling multitude of possible attack scenarios in their infrastructure. Our experts have the sophisticated analysis tools you need and are on hand to answer those niggling questions: What’s the status of my network security and IT infrastructure? Which measured do I need to implement to increase my company’s infrastructure security? Bechtle is your reliable partner for all things infrastructure, perimeter and network security.

Why are perimeter and network security so important?
Benefits of infrastructure security at a glance:

Firewall.

Protects networks and individual computer systems from unauthorised access.
Some of the latest versions can also detect attacks.

E-mail security.

Checks and encrypts e-mail traffic to protect against spam and also malware/phishing attacks.

Web security.

Protects against malware and botnets.
Can also be used to apply container filters (parental controls).

Authentication.

Protects against identity theft by leveraging multi-factor authentication.

Network segmentation.

Protects sensitive network areas or entire data centres from unauthorised access and reduces malware from spreading.

IP address management.

Manages and logs all IP addresses permitted in the network.

Intrusion detection and prevention.

Recognises and prohibits attacks that follow standardised patterns – usually implemented in modern firewall systems.

Virtual private networks.

Establish an encrypted data link to your company data and protect sensitive data from being read by intruders.

Network access control.

Protects the company network from unauthorised access and implements compliance guidelines.

Business Manager IT Security

Christian Grusemann

Leverage our Security Assessment Framework to quickly review all relevant aspects of your IT security. Our experts are happy to help.

Security assessments for your infrastructure security: Completely rethinking and testing security.

Bechtle has developed a security assessment framework for SMEs that can check all relevant security aspects exceptionally fast. We have used our years of experience to design different packages that can be assembled individually into your own personal test suite to suit wherever your company is right now.

Infrastructure & Perimeter Security – Terminology.

Infrastructure and perimeter security encompasses products, solutions and services designed to protect your enterprise. A blend of firewall solutions from a variety of manufacturers, web services and mail services located in the DMZ (demilitarised zone) keep the corporate infrastructure safe from internet-based threats.

If employees working remotely want to access data and services in the corporate network, this should be possible via a secure and encrypted VPN access that creates an SSL tunnel into the corporate network, allowing access. Unfortunately, this method is prone to errors, which often leads to the connection being dropped unnoticed, preventing files from being saved correctly, which may mean they are lost. At first glance, this seems to go against everything that modern, flexible and agile ways of working stand for. The rising number of mobile end devices and flexible working models demands access to the company infrastructure from anywhere in the world, and is hence incompatible with the limitations that traditional firewalls pose.

Cloud Computing & Security

Enhanced protection for your business with our many years of expertise.

During our on-premise assessment, we conduct interviews with employees and carry out technical spot checks of your infrastructure. Our tests are all aligned with Cyber Security Alliance guidelines and are carried out in accordance with the ISO 27001 standard. You’ll receive the results along with a series of recommendations for technical and organisational measures you can implement to boost your organisation’s security. And what’s more, we are happy to implement them for you in close collaboration with management and the IT department.

Your benefits:

  • Exclusive Bechtle security audit
  • In line with ISO 27001 standards
  • Complete coverage of all relevant areas
  • Support on all company levels
Data protection in the Cloud

Additional packages extend the scope of service.

We can also carry out these assessments for your cloud users and provide tips on what to do in the event of an incident. In awareness trainings, your employees will learn how to handle suspicious e-mails and gain an understanding of the importance of IT security in everyday life. Our penetration test detect vulnerabilities hackers can exploit to sneak into your infrastructure. And last but not least, our experts test your staff’s attentiveness: How far do we manage to get in to your company? Can we access a workstation?

Bechtle – Corporate network security is a number 1 priority.

In many cases, traditional port-based firewalls that are located at the perimeter protect the IT infrastructure by controlling which services can be accessed from the outside. However, this approach is no longer lives up the standards laid out by the Federal Office for Information Security (BSI). There is, however, a new kid on the block in the form of next-generation firewall systems that, in addition to opening up ports, have also implemented packet filtering features that scan network traffic for vulnerabilities and viruses in real-time. These modern systems can also prevent data leaks, and their virus scan doesn’t only search for known viruses, but also checks files in a sandbox environment for threats.

Network services such as file explorer, mail and web servers link up with their protocols at different standardised ports, which are generally open in firewalls so that some form of communication is possible. This tends to open up the often-used 80 and 43 ports, but this enables some 7,000 applications to communicate unhindered. Next-generation firewalls allow individual business-relevant applications. Service control is no longer only based on ports, but applications are dynamically detected using real-time analyses, all of which adds up to optimum support for your agile work process.

The company infrastructure through the ages – How IT shapes businesses:
zero trust and software-defined perimeter.

When taking a closer look, it becomes clear that all the new mobile devices outside the corporate network have to be protected just as well as if they were inside. This means that the perimeter has to be moved closer to the end device to guarantee protection during access. In contrast to a classic approach, a zero trust architecture is suspicious of all devices and access attempts

and they will be forced to identify themselves even during sessions. Software-defined perimeters protect networks and data in compliance with a zero trust policy and expand the classic network perimeter to the apps, which in turn provide access. Users and apps only get access to the resources they need and have no idea where in the network they currently are.

Implementing a zero trust security approach.

This differs significantly from classic security architectures not only in its application, but also in its planning as the first step moves the data to be protected to the foreground, rather than the traditional approach of focussing first on setting up the architecture. The kind of data and who they are accessed by determines how they should be protected.

 

1.

Identify data, assets, applications and services that need protection.

2.

Analyse network transactions.

3.

Implement a zero trust architecture.

4.

Define zero trust guidelines.

5.

Monitor and maintain these structures.

Data-Center Protection

Vulnerability detection –
Critical for corporate firewalls.

A target system such as a web server within your organisation can become a danger if it isn’t regularly patched. This is where vulnerability detection integrated into next-generation firewalls comes in. If a vulnerability is being exploited, the system plugs the security gap and defends against the attack by restarting,

which is particularly important as hackers will often scan your system for weak points before attacking. The result of this wideband scan serves as a basis for the attacker to decide whether an attack on your company assets is worthwhile. If the scan goes undetected, the probability that your company will be the victim of a targeted attack skyrockets.

Want to find out more about infrastructure and perimeter security?

<br/>Get in touch with our experts to find out how to configure a modern and secure IT infrastructure.

* mandatory fields

Please read our Privacy Policy for information on how we process your data and protect your rights as a data subject.