Technology Experience

Server Room

Robust Network Security Infrastructure

Overview: When we moved into our current location here in Victoria back in 2005, we started putting technologies in place to achieve two important goals:

Goal #1: Mitigate all single points of failure within our network infrastructure.
Goal #2: Put in place the most robust network security infrastructure we could muster in order to keep undesirables out!

It quickly became clear that the first step toward both goals was to get our own IP addresses from ARIN (American Registry for Internet Numbers), and that is what we did, with 4 sets of class C IPv4 addresses and, later on, a set of IPv6 addresses.

Firewalls: We implemented two Linux-based firewall servers that provide redundancy through a heartbeat connection.

Phones: We decided to go pure VoIP when we moved to the new office, enabling us to offer an enhanced level of functionality that we didn't have before.

Web Filtering: We have a comprehensive list of over 1.5 million websites that have been blocked to and from our network. Please see the details below.

PCI Compliance: Putting the Network security infrastructure outlined here in place enabled us to get the PCI Compliance Award in 2013.

Specific Points

Incident Response

Any report of a suspected or potential information/privacy breach relating to data available on corporate resources is investigated by myself or a staff member. The investigation covers what, if any, access to or dissemination of information occurred, along with a summation and recommendations for remediation.

Disaster Recovery

The facility contains numerous redundancies, including multiple internet connections and direct IP allocations from ARIN to allow for seamless routing of traffic during an upstream issue (you could pull one connection and a voice conversation would not be interrupted). Key servers are duplicated in either a fault-tolerant or high-availability manner, depending on the application. Hardware being used is enterprise class, and replacement parts are standing by in the server room for the unlikely event of a service-impacting failure (e.g. pre-configured edge routers). Routine backups are also being taken that include a combination of full and incremental backups. These backups are stored on separate media and rotated so months' worth of backups are available, should they ever be needed.

User Access Controls Including Remote Access

Access to documents and IT resources is protected by a number of ACLs. At the core of this, multi-tiered permissions are set on AD objects, with only a handful of admin accounts (on which auditing is enabled). *nix machines have been hardened and do not allow switching of run-level, dropping to single-user mode without a password, attempting root login, or switching to an elevated shell outside of an audited sudo execution of commands. Remote access has been disabled to all but a few public-facing services (e.g. DNS/rDNS, HTTP, etc.). The only service allowing remote authentication is a Terminal Server, which only accepts authenticated and encrypted remote connections. This server has been hardened and restricts user access while logged in. In the past there has also been a VPN offering which, when active, would allow users to securely authenticate and connect over an encrypted tunnel to a segregated subnet/VLAN and access only select resources; this has been dropped in favor of the Terminal Server, where users are in a more controlled environment.

Web filtering:

These are the categories of sites that have been blocked: aggressive, dating, drugs, gamble, hacking, porn, violence, warez, weapons.
