Softrim provides consulting, implementation and support for all network and desktop related security issues. Security entails:

·          protecting data from external and/or internal intruders or unauthorized personnel
 

·          protection against malignant programs such as viruses, worms, trojans, etc.
 

·          protecting the network from external or internal attacks
 

·          policy administration of passwords, permissions, user profiles, etc.
 

Services related to security include:

·          local and remote data
 

·          power protection (electrical surges and transients, brownouts, blackouts)

Softrim helps Clients in establishing a security policy that covers e-mail rules, physical protection of hardware and software, software licensing and copyright, network administration and allowed access points, as well as essential disaster recovery plans.

The following information is presented as an aide to understanding the design of network security:

·          Typical Commercial/Business Network

o         Security at the gateway (the point at which network connects to the outside world, usually the Internet) is managed with hardware based firewalls configured using industry standard best practices

o         Internal network security is managed by server and workstation Operating Systems. Spyware, Adware, Anti-virus, Malware, content and web access security configured using industry leading, server/software based solutions

·          Financial, Legal, and Medical Business Networks (or any networks that may need compliance with SAS 70, PCI, Sarbanes Oxley, HIPAA, etc.)

o         Security at the gateway (Public Internet) is managed with advanced firewalls that are in effect adaptive, intelligent security appliances.

o         Intrusion Detection and Prevention is managed at the gateway with the security appliance. Remote offices and remote users connect to the main network across SSL VPN’s

o         Internal network security and access to resources is managed by server and workstation Operating Systems in addition to Dual-Factor Authentication Appliances such as a RSA SecurID.

o         Spyware, adware, virus and malware content and web access security is configured using Security Appliances at the gateway combined with server/software based solutions on the internal network.

 

Click here to view a Comprehensive Network Sample Diagram

·         The typical security components in a network are:

      o   Routers (route packets - clusters of data from one network to another)

• analyze the source and destination (addresses, ports and protocols) of packets using access control lists
• allow or disallow packets based on analysis
• may also encrypt or decrypt packets for VPN application
• may also do stateful packet inspection
• may also intercept TCP three way handshake to validate connections
• voice over IP: compress/decompress and add security


• Firewalls (similar to a Router, a Firewall analyzes packets and allows/disallows transmission)
  
  • look inside packets to disallow malformed data based on preset rules (layer 7 application data scanning)
  • have extensive logging and notification features, can support IPSEC VPN tunnels
  • high end routers (with software options) may be configured to act as firewalls
  
   
• Security Appliances (advanced firewalls that combine features and functionality to handle threats on many levels)
  
  
  • Firewall features and functionality built in
  • Some models have multiple features combined such as wireless connectivity, VPN concentration, content filtering & protection, web access control and security, and Intrusion Detection and Prevention
  • Adds SSL VPN capabilities (more secure the IPSEC)
  
   
• Dual-Factor Authentication Appliances (network access requiring a password and another form of identification such as a Smart Card, Key Fob, or Biometric Device)