Data Security

Our security infrastructure is fortified by a suite of advanced tools, each serving a distinct yet complementary role.

CrowdSec

The CrowdSec agent is installed on all of our servers and can detect attack attempts such as SSH brute force. The blocklists used by CrowdSec are crowd-sourced (hence the name), meaning that anyone else using the tool adds to the blocklists when malicious attacks are detected.

Our CrowdSec blocklists are synced to Cloudflare and our server firewalls.

Cloudflare

Cloudflare Zero Trust operates on the principle of least privilege, enforcing strict identity verification and access control to safeguard against both internal and external risks. Zero Trust sits between our servers and the internet, acting as a middleman to defend against malicious users.

Complementing this, the Cloudflare Web Application Firewall (WAF) offers a cloud-based solution to protect our websites from various web-based threats, including DDoS attacks, with the flexibility of customizable rule sets.

Wazuh

Wazuh is a powerful Security Information and Event Management (SIEM) tool that plays a crucial role in our security infrastructure. It provides comprehensive real-time monitoring of our system and network activities. Wazuh effectively detects anomalies, potential threats, and system misconfigurations. It’s particularly adept at identifying security incidents in their early stages, facilitating prompt responses.

The tool also offers robust log analysis, file integrity monitoring, and rootkit detection capabilities. By integrating Wazuh into our security setup, we not only enhance our ability to detect and respond to threats but also comply with various regulatory requirements.

Firewall

UniFi Intrusion Prevention System

The UniFi Intrusion Prevention System (IPS) enhances our security by analyzing network traffic in real time to detect and block threats. Integrated with the UniFi Security Gateway, it uses deep packet inspection to protect against various attacks, including exploits and malware. Its continuously updated threat database and automated response mechanisms help keep our network resilient against evolving security risks.

Virtual Machines

For our Windows and Ubuntu servers, we employ robust firewall configurations to maintain a secure environment. On Windows servers, we utilize the built-in Windows Firewall, a powerful tool that controls incoming and outgoing network traffic based on predefined security rules. This allows us to specify which applications and services can communicate over the network, effectively blocking unauthorized access while permitting legitimate traffic.

On Ubuntu servers, we rely on UFW (Uncomplicated Firewall), a user-friendly interface for managing iptables, the default firewall tool in Linux. UFW simplifies the process of configuring iptables, enabling us to easily set up default policies and create rules that govern incoming and outgoing connections. This ensures that only traffic necessary for our services is allowed, minimizing the attack surface and enhancing our servers' security posture.

Both firewall solutions are integral to our defense strategy, providing a layered security approach that protects our servers from unwanted traffic and potential threats, ensuring the integrity and reliability of our services.

Further reading

You can read our policies around security, such as account management, here

You can view our future security plans and investigations here