Information Technology Services



To have a successful outsourced accounting model for our clients, security of client data is paramount.


Our network is protected through a best-practice model of defense in depth, using multiple technologies that mesh together to provide an integrated security posture. We primarily use Cisco enterprise-class network appliances throughout our network. Our firewall is from Cisco’s line of market-leading enterprise application security appliances. The security services provided by our LAN switches include Network Admission Control and Man-in-the-Middle attack mitigation, to name a couple. Our network security systems are monitored and logged constantly with manual and automated processes to keep up with the ever-changing threats presented to us daily.




VPN Technology



Our remote check printers at our clients’ sites are connected via encrypted VPN tunnels from our network to the remote network. This keeps all check information safe from prying eyes, electronic surveillance, and most other methods of interception.





Our Custom IDS Solution is based on the award-winning Snort IDS technology



Many people have the misconception that firewalls provide adequate protection against intruders or other threats.  However, this is not always the case.



"A firewall is simply a fence around your network, with a couple of well-chosen gates. A fence has no capability of detecting somebody trying to break in (such as digging a hole underneath it), nor does a fence know if somebody coming through the gate is allowed in. It simply restricts access to the designated points.


In summary, a firewall is not the dynamic defensive system that users imagine it to be. In contrast, an IDS is much more of that dynamic system. An IDS does recognize attacks against the network that firewalls are unable to see."


 


Not only does an IDS aid in tracking attackers, it also automates many of the jobs that would normally have to be run manually, which increases productivity. An IDS can scan the event log of a computer and alert the administrator when certain events occur. Alerts can be sent in a variety of ways, such as e-mail, console messages, phone call, or a page. In addition to automatic notification, IDS systems include a reporting package that lets network administrators run a wide variety of reports.


Another common misconception is that threats come from the outside, rather than the inside.



"Another problem with firewalls is that they are only at the boundary to your network. Roughly 80% of all financial losses due to hacking come from inside the network. A firewall at the perimeter of the network sees nothing going on inside; it only sees that traffic which passes between the internal network and the Internet."


Intrusion Detection Systems assist in:

  • Improving integrity of other parts of the information security infrastructure
  • Improving system monitoring
  • Tracing user activity from the point of entry to point of exit or impact
  • Recognizing and reporting alterations to data files
  • Spotting errors of system configuration and sometimes correcting them
  • Recognizing specific types of attack and alerting appropriate staff for defensive responses
  • Keeping system management personnel up to date on recent corrections to programs
  • Allowing non-expert staff to contribute to system security
  • Providing guidelines in establishing information-security policies
  • Automated notifications for problem detection and resolution




Secure Portal



Our portal software was designed from the beginning to be a security solution, and to support a wide variety of popular public protocols and standards. It is not an FTP server with security features added on, nor is it a proprietary secure file transfer program with open standards support grafted on.


Here are a few examples of the unique, defense-in-depth features that make our portal server 'secure by design.'

  • The security of the files handled by our portal software does not depend on the security, or lack thereof, of the OS that it runs on.
  • By design our portal software is not able to push files, which means it cannot be used to push malware into trusted networks if it is ever compromised.
  • “Least privilege” authorization is implemented for tight administrative control over what users can and cannot do.
  • Our portal software’s virtual user interface helps implement ‘least privilege’ by providing tight administrative control over what users can and cannot see, including command options, files, folders, logs and user information.
  • Our portal software uses a different file and folder/directory naming convention from that used by the underlying OS (another benefit of the virtual interface).
  • Exclusive use of FIPS 140 validated encryption for transport and storage.
  • All files received by our portal software are stored using its built-in AES encryption, so they cannot be read, and executables cannot be run, by untrusted parties.


Finley & Cook, PLLC | Shawnee, Oklahoma P: 405-395-5000 F: 405-273-2691
© 2008 Finley & Cook, PLLC. All rights reserved.