Security Solutions
Even though you may see security as a vital area for your organisations, the increase in the use of email, web browsing, Internet based business and extended networks to facilitate remote access, ensures the risks grow accordingly. This is born out by the facts: security breaches continue to grow and so do the associated costs. In 2004, 74% of UK organisations had a security incident, up from 44% in 2000. Security is an integral part of every solution and service BSG provides to its clients' and to help you manage the risks you face every day, BSG provides choice on how the following security solutions are operated:
Source: Information Security Breaches Survey 2004 - DTI / PricewaterhouseCoopers www.security-survey.gov.uk
On this Page
Data centre and network security
The BSG data centre and networks used to host and manage its own and client web and internal facing systems are ISO27001 certified and as such meets the highest recognised standards available. BSG uses this expertise and experience to design data centre and network security solutions for its clients.
Typical data centre security architecture for internal applications:
Click to enlarge
The elements that make up data centre and network security solutions include:
Firewalls - BSG's firewall solutions are designed to protect your servers and network from attack. Firstly, an experienced Engineer will liaise with you to define your security needs and establish your firewall security configuration policy. This will dictate the type of solution required. BSG partners with Cisco and Checkpoint / Nokia to offer firewall solutions and as a Microsoft Gold partner incorporates Microsoft Internet Security and Acceleration (ISA) Server 2004 into its infrastructure designs as a firewall and Web cache server where required. BSG's ability to create security solutions using firewall products from a number of different vendors provides an additional “n-tier” of security and makes the level of protection even greater, as illustrated above.
Intrusion Detection Systems (IDS) - BSG's intrusion detection solutions are capable of performing real-time traffic analysis and packet logging on IP networks. They can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. The IDS systems watch for patterns that characterise an attack at various priority levels, and send alarms to security engineers for quick response and escalation to your security point of contact. BSGs can provide the additional resources, should you wish to further investigate and respond to serious incidents.
Identity Management - BSG's identity management solutions ensure that users are not only able to effectively authenticate themselves when accessing systems and information, but also that administrators can manage that access efficiently. Vital to creating an identity management solution is ensuring the technology meets the business need. New technologies including biometrics and established technologies such as RSA SecurID, enable BSG to provide authentication tools that increase security and meet the specific needs of your organisation and its users. As one of the few UK Microsoft Gold partners with staff certified to design identity management systems using Microsoft Identity Integration Server (MIIS), BSG's clients can benefit from centralised solution that stores and integrates identity information for organisations with multiple directories.
Penetration Testing - BSG's penetration testing enables you to evaluate the security solution that has been created ensuring security measures are actively analysed for design weaknesses, technical flaws and vulnerabilities; the results are then delivered in a comprehensive report. Penetration testing is available for the following areas:
- Network Surveying
- Port Scanning
- System Identification
- Services Identification
- Vulnerability Research & Verification
- Application Testing & Code Review
- Router Testing
- Firewall Testing
- Intrusion Detection System Testing
- Trusted Systems Testing
- Password Cracking
- Denial of Service Testing
- Containment Measures Testing
- Wireless Network Testing
By using third party organisations to carry out penetration testing on security solutions BSG has designed, you can be assured of an independent and objective report.
Secure remote access
As your staff, partners and customers demand access to networks, applications and information from anywhere at anytime, the challenge to facilitate this securely and cost effectively is equally demanding. BSG's experience and expertise in this area enables it to provide a range of secure remote access solutions:
IPSec VPN (Internet Protocol Security Virtual Private Network) - an IPSec VPN enables a secure connection to your network across the Internet. A VPN can be contrasted with an expensive system of owned or leased lines that can only be used by one organisation. As such, an IPSec VPN creates a secure tunnel through the Internet, providing secure access to your network.
BSG offers two IPSec VPN solutions:-
- Remote User VPN - which provides travelling and offsite employees with secure connection to your network, whether they are hosted at BSG's data centre or your own location. A remote user VPN requires a client
- Managed Remote Office VPN - which provides intranet-based secure communications and information exchange between remote offices.
BSG can design, deploy and if you wish manage your IPSec VPN using secure and proven technology from Cisco and other leading vendors
SSL VPN (Secure Socket Layer VPN) - in contrast to IPSec VPN's, SSL VPN's do not require software to be installed and configured on the remote device (e.g. home PC or laptop). This considerably reduces the administration overhead, enables the number of users to be easily increased and enables users to have true remote access. SSL VPN's provide remote access to applications via a web browser using the web secure socket layer standard. The ability to provide remote access to the application rather than the network also reduces the potential risks associated with IPSec VPN's from the users' machine. Vulnerability management settings within the SSL VPN ensure the remote computers are prevented from introducing viruses to the network. BSG has tested and evaluated a number of SSL VPN's from leading vendors including Netilla, Cisco and Checkpoint, enabling it to design, deploy and operate scalable solutions for its clients.
Wireless network and mobile device security - As an HP Mobility Club partner and Cisco Wireless Specialist, BSG is able to create and survey the security of wireless network designs. The infrastructure mobility solutions are designed with different levels of security in mind. These range from a minimum of ensuring data is encrypted between email server and device, through to terminating the device itself (and data on it) remotely should the need arise.
Email, server and desktop security
As the time between the identification of a security vulnerability and a virus or malicious code been released to exploit that vulnerability reduces from months to days it is becoming increasingly for patches to be deployed to counter the vulnerabilities and for up to date anti virus to be deployed at the email gateway, server and desktop.
Anti Virus solutions - Most attacks occur through either email transfer or end unsecured end user devices introducing the virus to the network. In response to this BSG advocate the anti virus solutions using a 3 tier design. Tier 1 is Mail Gateway virus protection using leading vendors such as Mimesweeper and Sophos/McAfee). Tier 2 is Server/Mail Server Protection (e.g McAfee) and Tier 3 is Desktop anti virus. This design ensures all areas of the network from a mail flow perspective are covered. By building central anti virus distribution server, it is possible to ensure updates reach all tiers as quickly as possible.
Vulnerability Management - If your staff take their laptops home, how can you ensure when they reconnect to your network they are not introducing a virus? BSG's vulnerability assessment provides a thorough discovery of security vulnerabilities to quickly identify systems and applications at risk. BSG can then utilise industry leading technology to mitigate those risks.
Patch Management - As a Microsoft Gold Partner, BSG helps organisations design patch management solutions using Microsoft Windows Update Services (WUS)-the next version of Software Update Services (SUS) - to simplify and automate the deployment of patches and updates in your organisation.
Security management solutions
Security isn't just about information technology, it's about people, physical security and the processes you wrap around it. BSG attained the ISO27001 Information Security Management System (ISMS) certification in 2002. The most widely recognised security standard accreditation in the world covers BSG's data centre, managed hosting and IT operations.
ISO27001 comprises 10 detailed control disciplines including, information security policy, security organisation, asset classification controls, personnel security, physical security, communication management, access controls, system deployment, continuity planning and compliance. These disciplines demonstrate BSG ability and commitment to delivering the highest quality of security solutions to its clients, and its ability to guarantee the highest levels of assurance to individuals and organisations using or relying upon its services.
This knowledge and experience within BSG, enables it to provide security consultation for your security management at all levels.
BSG's ISO27001 certification has enabled it to design a flexible Business Continuity Service with the highest standards of security to meet the needs of organisations in all business sectors.