" firewall Archives - LuxSci

Posts Tagged ‘firewall’

Zero Trust and Dedicated Servers

Tuesday, July 6th, 2021

We will continue on in our series on Zero Trust, this time discussing Zero Trust and dedicated servers. As a quick recap, the Biden Administration ordered all federal agencies to develop a plan to adopt Zero Trust Architecture. This is a security model that begins with the assumption that even an organization’s own network may be insecure.

It accepts that bad actors may be able to penetrate the network, therefore a network designed under the Zero Trust model is built to make security perimeters as small as possible. Zero Trust Architecture also involves constantly evaluating those who are inside the network for potential threats.

One of the core aspects of Zero Trust Architecture is the concept of trust zones. Once an entity is granted access to a trust zone, they also gain access to other items in the trust zone. The idea is to keep these trust zones as small as possible to minimize what an attacker would be able to access if there is a breach.

Dedicated servers are a critical component of trust zones and Zero Trust Architecture as a whole.

zero trust and dedicated servers

The Role of Dedicated Servers in Zero Trust Architecture

Dedicated servers are an important part of Zero Trust Architecture. LuxSci customers can host their services on their own dedicated servers or server clusters, instead of sharing a server with other clients who may introduce additional threats. This isolates an organization’s data and resources from other entities, creating a small trust zone.

LuxSci also uses micro-segmentation to protect each customer’s server cluster. Our solution is host-based, and the endpoints are protected by firewalls. Each customer’s server (or cluster of servers) is dynamically configured in a micro-segment using server-level firewalls. This means that each customer is separated from others, and there is no privileged access between customers.

As a dynamic host-based micro-segmentation solution, this setup adapts fluidly to software modifications, service alterations, customer changes, and new developments in the threat landscape (as detected by automated systems).

Our customers can also choose to place a static traditional network firewall in front of their assets. This acts as an additional line of defense. With this traditional firewall on top, both customer assets and the dynamic micro-segment are placed in a well-defined network segment with added ingress and egress rules.

Access Controls

LuxSci’s dynamic host-based micro-segmentation solution is complemented by our flexible and highly configurable access controls. These include:

  • Two-factor authentication
  • Time-based logins
  • IP-based access controls
  • APIs that can be restricted to the minimum needed functionality
  • Application-specific passwords

These configuration options allow your organization to tailor access to your systems on a more granular level, limiting unauthorized access while still making resources available where necessary.

Limiting access and verifying user identities are important aspects of Zero Trust Architecture. These access controls fit hand-in-hand with our micro-segmentation setup for protecting server clusters.

Zero Trust: Dedicated Servers vs Shared Cloud Systems

A shared cloud system is not suited to the Zero Trust model, because the data and computations for different customers are managed in a shared environment. This means that segmentation isn’t possible, so the potential threats from other customers on shared resources can’t be eliminated. The risks of using a shared cloud server have been well-documented elsewhere. The industry’s shift to Zero Trust Architecture only reinforces the importance of using dedicated server environments.

Compared to cloud environments, dedicated servers are better aligned with Zero Trust Architecture. LuxSci’s dynamic customer micro-segmentation isolates customers from each other, protecting your organization from these additional threats. A second layer of network firewalls only serves to reinforce the separation, making the defenses even more formidable.

Contact our team if you want to learn more about how dedicated servers and Zero Trust Architecture can help to protect your organization from advanced threats.

Where’s the Email? Diagnosing and Resolving Issues with Missing Email

Monday, December 1st, 2014

In many ways, the Internet is still like the Wild Wild West. Email messages sent to you or from you can and do “go missing” for no apparent reason.  This can happen no matter what email provider you use. So, what happened to these “AWOL” messages?  How can you diagnose and solve the problem?

Read the rest of this post »

Alternate SMTP Ports – Send Email From Any Location

Tuesday, September 10th, 2013

When sending outbound email from an email program (like Outlook or Thunderbird) or from a mobile device (like iPhone or Blackberry) that is not using Premium MobileSync, your program or device connects to our outbound email servers using an Internet protocol called “SMTP” (The Simple Mail Transport Protocol).

An email server, however, does lots of different things in addition to sending outbound email.  It may allow checking of email via POP or IMAP, or checking your address book using LDAP, or other things. So, when your email program connects to the server it has to specify what it wants to do (i.e. send an email).  It does this by connecting to a numbered “port” on the server.  Port number “25” is the Internet standard for “regular outbound email”.

However, because port 25 is standard for outbound email, many ISPs, wifi networks, hotels, airports, and other locations that provide Internet access will arbitrarily block any connections to servers (except perhaps their own) on port 25 in order to stop spammers from using their services for the sending of spam, viruses, or malware and to prevent their IP addresses from being black listed.

Read the rest of this post »

Ultimate Control: Manage Access to Your Services with Custom Firewalls

Saturday, October 13th, 2012

Can I block this one IP that is scanning our accounts?  Can I restrict my account so that people can only access it from our office network, or require that they authenticate to WebMail first (using two-factor authentication)?

LuxSci is constantly asked for fine-grained access controls by customers who are in shared environments (sharing the same servers with many other accounts).  However, blocking access from IP addresses globally at the request of one customer may potentially affect other customers using the same system.

That is, until now. LuxSci customers can now configure their own custom firewalls to allow and deny access as they see fit without affecting other customers sharing the same server(s).

Read the rest of this post »

LUXSCI