Firewall

Firewall

Access management based on an IP address is out of date today. You should control the accesses at a higher level in terms of users and groups. Our team doesn't only offer implementation, but mainly a sophisticated administration of firewalls.

 

Our story
One hospital saved 60% of its expenses due to the AEC model which relied on existing technologies.

One significant hospital in Prague had been refused the connection of its network to the internet for a long time, fearing the data security of its patients and its infrastructure. When the new health technologies were 100% impossible to use without the internet connection, the hospital management finally decided to connect.

The existing infrastructure wasn't ready for such a step at all. The hospital needed a completely new proposal of the network topology so the connection would be safe. The AEC project won the tendering procedure, which was mainly based on adjustments and the boosting capacity of the existing infrastructure. Our concept relied on a robust central firewall and the network segmentation into several separated levels with various degrees of security.

Thanks to the AEC model, the hospital saved about 60% of its costs, instead of having to invest into the complete replacement of the network infrastructure. Subsequently we helped to select appropriate solutions and to deploy them. To conclude, we carried out penetration tests that confirmed the durability of the new solution against possible attacks.

Due to this experience the hospital started longterm cooperation with AEC, and we maintain the current configurations of their network security components.

The solution's description

The network firewall is one of the security network infrastructure keystones. This technology, with the help of the filters' definition, enables us to allow or ban the operation which is desired, or, on the contrary, not desired. Either from or to the internet, or within the internal network. Operation filtering itself is insufficient in these times of advanced network attacks, that's why this technology expands and is being complemented by other modules. To mention mainly:

  • Packet filter with advanced deep packet inspection;
  • Authentication and authorization on the basis of advanced definition (users, ip addresses and other objects);
  • Integrated IPS solution;
  • Integrated inspection of SSL operation;
  • Complex access to VPN technologies including secure virtual desktops;
  • Data Loss Prevention Technology;
  • Antivirus;
  • SIEM integration of all modules into a synoptical monitoring including early warning;
  • Advanced networking and routing technology;
  • And others.

Why solve this issue?

  • Since operation filtration is an obligatory component of each network by reason of the protection against the unnecessary approach,
  • operation filtration logically sections the network segments following up the security requirements,
  • the packet filter on its own is not sufficient,
  • stealing any kind of users' and clients' data,
  • prevention against security incidents.

The security benefits

  • Complex overview of the network operation and its assessment in real time including the active measures,
  • broader authentication and authorization possibilities including the integration of the step-up or 2 FA authentication,
  • logging of the entire operation,
  • logical and physical distribution of the infrastructure into independent components which don't effect each other in relation to security,
  • high level of internal users' and the company's protection against the risks of losing credit and valuable data.

References

We have years of experience in the implementation of numerous projects for leading organizations in their branches.
Among our most important references are GMC Software Technology Ltd. and The Institute of Aviation Medicine. Other references can be given upon request.