
VPN & Perimeter Security

When the majority of networks relied on a single Internet connection, and the need for remote access was satisfied through banks of modems, perimeter security was an easy concept to define; wherever the corporate network touched the Internet or another network, security countermeasures were required. Today, with the advent and rapid adoption of myriad remote access solutions, the perimeter of a network is increasingly difficult to locate, leaving aside the issue of security. Where the network administrator could rest easy several years ago regarding security, there are now doubts and endless questions. Should the corporate policy take into account virus and malware risks associated with home users implementing remote access? Are the firewalls that separate the servers from the users from the Internet performing their assigned tasks, and are they even assigned the right tasks? Is my network prepared for the daily onslaught of worms, viruses, and hack attempts?

To complicate matters further there is the issue of providing high-speed, reliable remote access solutions. Users demand the ability to work from home and from the road with the same convenience that the office provides. Even without touching on the security aspects of remote access, the logistics of providing an enterprise-wide solution can be staggering. When security is combined with those concerns, what was merely a technology roll-out becomes an enterprise-wide project in need of serious attention from all divisions.

In today's environment, perimeter security extends to protecting every host on the network from every other host as well as from external threats. Throw in the concerns raised by new regulatory compliance requirements and the typical over-worked and under-staffed IT department will simply lack the time necessary to pursue all of the angles required to provide a secure, compliant infrastructure. As organizations struggle to roll out remote access while maintaining their security infrastructure, the threat of corporate data theft increases significantly. Superior Resources Inc. stands prepared to offer secure architecture solutions that address the needs of security at the ever-changing perimeter as well as throughout a distributed, remote access-enabled network, allowing your organization to address the growing needs of compliance, data protection, and audit requirements.

Network Firewalls

On the front lines of any security architecture, firewalls are the screening points for traffic entering and leaving any segment of a network. Traditionally, firewalls have been used to protect an internal network from external threats. As the threat environment has diversified to include internal users, Trojans, and other risks present on the formerly-trusted side of the firewall, both the functions and the placement of network firewalls have changed.

Many network firewalls today are implemented between the border of the network and the Internet, but an increasing number are being placed between internal networks. Firewalls control traffic between different departments as well as different organizations. By separating as many segments as possible, firewalls now offer a level of granular control that did not previously exist.

Enterprise-grade firewalls have long provided remote access solutions integrated with packet filtering security. Today, these features have been enhanced and augmented with many others. Through partnerships with other industry players, an enterprise firewall vendor can now offer virus scanning, intrusion detection and prevention, as well as content screening from the same, integrated platform.

With the trend of increasing connectivity, the enterprise is not the only market in need of good firewall security. The small and medium business segments are rapidly heating up as vendors vie for supremacy by offering many of the same features that used to be reserved for only the larger and more complex firewalls. Today's small and medium businesses demand easy administration and rock-solid security coupled with a wide feature set.

Superior Resources Inc.'s security team encompasses decades of knowledge and experience with network firewalls. Engineers with backgrounds in enterprise, medium, and small business information technology are sensitive to the needs of each market segment and balance the business drivers of compliance, data security, and audit preparedness with leading firewall technologies to produce a best-fit architecture for any organization.

Personal Firewalls

The network perimeter is vanishing. Increasingly, security incidents occur at the end-point: individual workstations, cell phones, PDAs, and laptops are subject to myriad attacks. Protection of these devices can be achieved through the use of a personal firewall to manage incoming and outgoing connections. Malicious users, worms, viruses, and Trojans are all serious threats that personal firewalls serve to mitigate. The Superior Resources Inc. security engineering team is prepared to architect, implement, and maintain the best-fit personal firewall solution for your organization.

Web Application Firewalls

Many applications that used to communicate over proprietary protocols and with stand-alone interfaces have been migrated to web platforms. Mission-critical services such as payroll, human resources, order fulfillment, and customer relationship management are now accessed through a web browser. Many of these applications contain vulnerabilities that can easily lead to serious compromise of sensitive data.

To mitigate these risks, Superior Resources Inc.'s security engineering team will architect, implement, and maintain a web application firewall solution that will fit the needs of your organization. Weighing the requirements of regulatory compliance, user demand, and business drivers, the Superior Resources Inc. solution will address all of your organization's concerns and secure your web applications.

Site-to-Site VPN

Office interconnectivity used to come in the form of expensive leased lines with high overhead and low performance. With the mass availability of low-cost digital subscriber lines and cable access, many organizations have turned to the virtual private network to provide tunnels over the Internet between each corporate site. The need to secure those tunnels necessitated the development of the transport-layer security mechanisms as well as the secure authentication processes that are present in modern VPN products.

Today's enterprise can utilize network firewalls with VPN configurations or specific hardware for the creation of secure, redundant tunnels between sites. These tunnels offer users access to systems located at offices around the world without the need for expensive directly-connected lines. In the case of a mesh-topology, branch offices can even maintain connectivity to one another in the event of a disaster at headquarters. These benefits make site-to-site VPN an integral part of any multi-site organization's network architecture.

Purpose-built site-to-site VPN products allow large enterprises the ability to segregate the duties of their personnel as well as reduce load on firewalls. By off-loading the encryption and decryption duties required for a secure VPN, the processing needs of firewalls are reduced. When the duties of VPN and network security are separated into different devices, a single point of failure scenario is reduced. Segregation of staff duties is a key component of many compliance regulations.

Superior Resources Inc.'s extensive experience with wide area networking and secure VPN tunnels lets us provide our customers with the very best network architectures and designs for implementing site-to-site virtual private networks. We can work with any organization to determine the best fit plan for VPN based on compliance needs, data security requirements, and audit preparedness combined with our thorough understanding of the state of technology in this field.

Remote Access VPN

Organizations used to rely on large dial-in facilities to provide remote access for users at home or on the road. As more users have turned to high-speed Internet access at home and more hotels are offering broadband connections to guests, demand for secure connections to corporate assets has skyrocketed. Users are not satisfied with dial-up and the cost of out-sourcing connectivity has turned many organizations to consider the remote access VPN.

Variations of the same technology that enables site-to-site secure VPN, IPSEC, allow one flavor of remote access VPN to function in much the same way. A user executes an application on their remote system that connects them to the corporate network. Once connected, the user has access to all of the same systems as they would if they were physically wired into the network. This solution is time-tested and allows access to any resource, regardless of the resource's "remote access" capabilities.

The cutting edge in remote access VPN today relies on the encryption technology that makes web transactions secure: Secure Sockets Layer (SSL). SSL VPN implementations allow users to access corporate assets from remote locations without the need for a client application. The tunnel is still secure and users still have access to internal resources, but the need for rolling out an application and training the user base is mitigated. SSL VPN offers many new features and benefits, but any resources other than web applications will need to be evaluated for their compatibility with any given SSL VPN solution.

The complexity of offering remote access to a widely-distributed user base requires the expertise and experience that the Superior Resources Inc. engineering team possesses. Compliance concerns and theft of corporate data top the list of issues that must be addressed when implementing remote access solutions. Superior Resources Inc. is prepared to protect your assets while providing you the best security architecture for your remote access needs.

Firewall Management

In today's environment, firewalls are distributed throughout network architectures. Even small organizations may have 3 or more firewalls. As these systems scale, management can become extremely difficult very quickly. Organizations must be sure that changes made to the perimeter security policy are reflected in all perimeter security devices, and likewise that changes to the internal security policy are reflected in all internal security devices. Without proper firewall management solutions in place, patching platforms, making configuration changes, and adding policies is an uphill battle. Superior Resources Inc.'s skilled security engineering team will architect, implement, and maintain firewall management solutions to fit the business needs of your organization. Whether you have a single firewall or dozens of data centers around the world, Superior Resources Inc. is prepared to provide the best in firewall management solutions.

Hand-held Devices

PDAs and cellular phones are quickly becoming vital business tools. With the widespread adoption of mobile, hand-held solutions, organizations are opened to an entirely new world of threats. Architecting a solution that can scale to literally thousands of devices across multiple platforms is a daunting task. Drawing on decades of experience in all aspects of security, Superior Resources Inc.'s security engineering team will provide customers with the best-fit hand-held device protection solution for their organizational needs. The shrinking network perimeter requires that end-points be secured; Superior Resources Inc.'s solutions for hand-held device security address this requirement.

Wireless LAN Security

Network administrators face increasing demand from users for the ubiquitous, easy access that wireless provides in the conference room, reception area, and back office. Security professionals dread the easy access wireless offers to the parking lot, the next floor up, and anyone driving by with an antenna. Balancing the demand for wireless with the security requirements of an organization can be a daunting task. There are so many standards and products on the market that just deciding on which form of wireless to implement can take weeks of research. "How fast does the wireless network need to be?" "Will we be using WEP, WPA, or WPA2?" "How far will the wireless network reach, and can we limit that?" "What does our regulatory compliance require?" Superior Resources Inc. is prepared to assist you in answering these and any other wireless security architecture, design, and deployment questions you may have.

The very nature of wireless defies the usual access controls that have protected networks for years; the would-be attacker no longer needs to gain physical access to an organization's network ports to be directly connected. Utilizing simple and widely-available tools, anyone from a casual observer to a determined hacker can find and connect to a wireless network signal. Organizations that are considering or have already deployed wireless networks must keep signal strength, antenna radiation patterns, and FCC regulations in mind when architecting and implementing solutions.

Multiple security requirements spring from the always-on, everywhere nature of wireless, such as mapping how far the network extends, requiring authentication for access to the network, and detecting unauthorized clients. Leaving aside security concerns for the moment, simply maintaining good network connectivity for authorized clients requires detailed planning and execution. Site surveys and coverage maps are required for proper wireless implementations.

Wireless has enjoyed enormous market success, with widespread deployment across all business verticals and home users. Superior Resources Inc. has been consistently at the forefront of wireless security architecture and implementation. Our accomplished staff of experts can balance your needs for wireless connectivity with best practices and regulatory compliance to reach the best-fit solution for your organization. Members of the Superior Resources Inc. security engineering team are published authors in the field of wireless security and are accomplished in designing, implementing, managing, supporting, and training on all aspects of wireless networking.

IPS Sniffers

One of the key requirements for deploying secure wireless is performing and updating a comprehensive site survey. Without well-documented findings showing precisely where the wireless network is weak and where it is strong, connectivity issues are difficult to troubleshoot. Further, unnecessary power output on wireless devices can lead to wireless coverage in undesirable areas, such as other floors of a shared office space or outside the building to anyone passing by. Too much power output can even lead to violation of the FCC rules governing consumer-grade wireless equipment.

Several products exist on the market to aid the security professional who is seeking to map the reach of their wireless network. These products are sometimes referred to as "wireless sniffers," as many of them maintain the same functionality as a traditional packet sniffer. Unlike the typical packet sniffer, wireless sniffers offer the ability to capture and decode 802.11 management frames from the Layer 2 communications between wireless devices. This feature can aid enormously in identifying configuration errors and signal strength issues.

In addition to the sniffing functionality, many solutions also have the ability to integrate with hand-held global positioning system equipment. By utilizing GPS, these wireless sniffers are capable of plotting the data they assemble on a map or a floor plan. Armed with detailed maps showing coverage gaps and unintended access points, the network administrator can implement new access points, change power output levels, or integrate noise-generating hardware to prevent signal overlap.

Wireless site surveys and assessments are vital to architecting and implementing the best-fit wireless solution. Superior Resources Inc. understands the necessity of accurate and well-documented data and is prepared to offer our customers clear and concise reports concerning their wireless designs and deployments. The Superior Resources Inc. security engineering team is trained and certified to offer architecture, implementation, managed services, technical support, and training to cover wireless monitoring and wireless sniffers. Utilizing our deep knowledge of wireless technologies, we can create for your organization the best-fit wireless monitoring solution.

Rogue Detection / Wireless IDS

Adding a wireless access point to a network takes only as long as opening the packaging and plugging in the cables. Straight out of the box, consumer-grade access points will begin transmitting unencrypted, unauthenticated wireless beacons to which any client within range can associate. These unauthorized access points are called "rogues," and they can be a serious security threat to any organization. Unauthorized client access can also be referred to as a "rogue," but the term generally refers to access points. Whether an organization has a wireless deployment or not, rogue access points are a serious threat to network security. Rogue detection, both client and access point, is very similar in terminology and methodology to intrusion detection and prevention.

The first step in identifying rogue access points is to create a baseline at the time of deployment for all of the legitimate access points within the organization. By clearly documenting the architecture and sticking with it through deployment, administrators know precisely what should be on the network. If the wireless network is already deployed, then a wireless assessment must be performed. Each access point identified during the course of the scans must be located physically and its configuration documented.

Once the baseline for wireless access has been established, there are many automated solutions for watching a network. The simplest of these, MAC address filtering, is built into most access points. While better than no security countermeasures at all, MAC addresses are easily spoofed by malicious parties seeking access to the network. For serious security countermeasures and to combat properly the threat of rogue clients, MAC filtering is not a viable option.

Some solutions for rogue detection depend on specialized access points that are distributed throughout the network. These access points tie into a centralized management and reporting server. Administrators can set wireless access policies and reporting requirements at the management console and push the policies to the access points. If unauthorized wireless activity is detected, from an access point or a client, it is reported to administrators. Some products also allow an IPS-like response action to be taken, such as disconnecting or quarantining the offending user. In either event, the security professional is provided with the information he or she needs to track anomalous activity on the wireless infrastructure.
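The baseline comparison described above can be sketched as follows. This is an added example, not code from Superior Resources Inc. or from any product mentioned on the page; the `AccessPoint` record, the status labels, the `OPEN` encryption label, and all BSSIDs and SSIDs are constructed for illustration. Because a MAC address can be spoofed, a matching BSSID is checked against its documented SSID, channel, and encryption rather than trusted on its own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    """One access point as documented in the baseline or seen in a survey."""
    bssid: str       # radio MAC address
    ssid: str        # advertised network name
    channel: int
    encryption: str  # "OPEN", "WEP", "WPA" or "WPA2" (labels are assumptions)


def normalize_bssid(bssid: str) -> str:
    """Canonical form so 00-11-22-33-44-01 and 00:11:22:33:44:01 compare equal."""
    return bssid.strip().lower().replace("-", ":")


def build_baseline(aps):
    """Index the documented, physically located access points by BSSID."""
    return {normalize_bssid(ap.bssid): ap for ap in aps}


def classify(observed, baseline):
    """Compare survey observations with the baseline.

    Returns a sorted list of (bssid, status, detail) findings. Access points
    that match the baseline in every documented attribute produce no finding.
    """
    corporate_ssids = {ap.ssid for ap in baseline.values()}
    findings = []
    seen = set()
    for ap in observed:
        key = normalize_bssid(ap.bssid)
        known = baseline.get(key)
        if known is None:
            if ap.ssid in corporate_ssids:
                status = "rogue-corporate-ssid"   # imitates a legitimate SSID
            elif ap.encryption == "OPEN":
                status = "rogue-open"             # out-of-the-box defaults
            else:
                status = "unknown"                # locate physically, document
            findings.append((key, status, ap.ssid))
            continue
        seen.add(key)
        # A known BSSID is not proof of identity: compare the other attributes.
        drift = [f for f in ("ssid", "channel", "encryption")
                 if getattr(ap, f) != getattr(known, f)]
        if drift:
            findings.append((key, "baseline-mismatch", ",".join(drift)))
    for key in baseline.keys() - seen:
        findings.append((key, "missing", baseline[key].ssid))
    return sorted(findings)


# Constructed baseline recorded at deployment time.
BASELINE = build_baseline([
    AccessPoint("00:11:22:33:44:01", "CORP-WLAN", 1, "WPA2"),
    AccessPoint("00:11:22:33:44:02", "CORP-WLAN", 6, "WPA2"),
    AccessPoint("00:11:22:33:44:03", "CORP-GUEST", 11, "WPA2"),
])

# Constructed survey results from a later assessment.
SURVEY = [
    AccessPoint("00-11-22-33-44-01", "CORP-WLAN", 1, "WPA2"),
    AccessPoint("00:11:22:33:44:02", "CORP-WLAN", 11, "OPEN"),
    AccessPoint("AA:BB:CC:00:00:01", "CORP-WLAN", 6, "WPA2"),
    AccessPoint("AA:BB:CC:00:00:02", "default", 6, "OPEN"),
]

if __name__ == "__main__":
    for bssid, status, detail in classify(SURVEY, BASELINE):
        print(f"{bssid}  {status:22s} {detail}")
```
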

Detecting rogue access to wireless networks is the first step in taming the wilds of wireless. Superior Resources Inc.'s team of security engineers has extensive experience with architecting, implementing, supporting, managing, and teaching all of the various approaches to wireless intrusion detection and rogue access prevention. Combining the needs of your organization with industry best practices, Superior Resources Inc. will produce a solution that allows you to track and stop unauthorized access to your wireless assets.

Wireless Gateways

To maintain a secure wireless network, encryption alone is not enough; the needs for granular privilege control and audit trail creation demand that wireless deployments employ strong authentication techniques. Regulatory compliance is a large driver for organizations seeking thorough logging. With a typical wireless network, there is little identifying evidence to differentiate one client from another. The field of wireless gateways has developed to reconcile the needs for auditing and control with the benefits of wireless.

A wireless gateway solution integrates into a network between the access point and the internal systems. Before any wireless client can connect to the resources on the internal network, the user must provide credentials to the wireless gateway. Some gateway solutions allow digital certificates for user logon, while others support only username/password combinations. There are products that also support two-factor authentication and security tokens.

Wireless gateway solutions offer different ways for the client to present their credentials for access. Some gateway products give the user a website where the user must enter an ID and password. Others integrate with operating system logon functions or application-specific authentication.

The back-end of the authentication can take place in a local database hosted on the wireless gateway or through separate systems. When combined with directory services, wireless gateway authentication is easily managed through the same interface as the wired network. Many wireless gateway products support LDAP, RADIUS, NT Domain and Active Directory.

Superior Resources Inc.'s security engineering team is equipped and prepared to architect, implement, support, manage, and teach the intricacies of wireless gateway authentication for any organization. Utilizing our extensive background in wireless security and compliance management, Superior Resources Inc. will architect and implement a solution for your organization that provides the auditing and reporting capabilities required by major regulatory bodies.

APs / Infrastructure

Wireless networks are bringing productivity gains across business verticals as organizations continue to find ubiquitous wireless access an affordable and highly useful tool. Deploying wireless for the enterprise can be a difficult and challenging task. Where should access points be located? What channels are best to reduce interference? What standards are the most secure? How will all the pieces interoperate? Superior Resources Inc.'s security engineering team has been at the forefront of the wireless revolution since the emergence of the 802.11 series of wireless standards. Superior Resources Inc. will architect, install, and maintain wireless infrastructure for your organization that will enhance productivity without the additional security risks found in most wireless deployments.

Authentication / 802.1x

One of the key drivers in the rapid uptake of wireless networking is the advertised ease of setup. It is true that most wireless hardware will connect out of the box without additional configuration, but in such a state wireless devices are completely insecure. The most troubling factor of this insecurity is the inability to control who connects to a wireless network. With the inclusion of the 802.1x standard for authentication, this critical need has been met. By interoperating with standards-based authentication back-end servers using the RADIUS standard, 802.1x allows wireless access points to deny access to users that do not successfully authenticate themselves. Superior Resources Inc.'s security engineering team will architect, implement, and maintain a best-fit wireless authentication scheme for your organization. Drawing on decades of practical, real-world engineering experience, our team will ensure that your wireless security needs are met.

Web Application & Database Security

Application security is one of the most challenging aspects of network security. Put simply, application-level security ensures that eBusiness applications interact with end users only in ways that were intended by the application's developers. Application-level security is focused on preventing the unauthorized use of a network's resources or customer information by hackers attempting to gain access to the eBusiness network directly through the application itself. Application-level hacks typically exploit weaknesses in HTML coding, Common Gateway Interfaces (CGIs), or in third party products such as web servers or scripts. The following pages will more fully describe the problem of application security and a general approach to solving the problem.

Web applications today house the most valuable assets a company has, namely their digital information and data. Current approaches to web application protection address security issues at the last and most expensive stage of the application lifecycle - deployment. With the amount of new code being added or changed every day, it has become impossible to keep up with all the necessary manual patching or fixing. The only way to beat the hackers at their own game is to think about security from the earliest stage of Web application development, and then fight automation with automation at each stage of the application lifecycle.

Application Scanners

The ease of deploying custom web applications has lured many organizations into a false sense of security concerning the confidentiality and availability of their mission-critical applications. With a single line of code and tools no more sophisticated than a web browser, attackers can destroy payroll, human resources, and financial web applications. To combat these threats, security must be designed into web applications. Web application scanners provide developers with information regarding vulnerabilities within their programs. The output of these scanners helps to remove the critical design flaws which could allow serious compromises in the future. Superior Resources Inc.'s security engineering team will weigh the types, business roles, languages, and platforms of applications in your organization to recommend and implement the best-of-breed application scanner to best fit your needs.

Application Firewalls

Many applications that used to communicate over proprietary protocols and with stand-alone interfaces have been migrated to web platforms. Mission-critical services such as payroll, human resources, order fulfillment, and customer relationship management are now accessed through a web browser. Many of these applications contain vulnerabilities that can easily lead to serious compromise of sensitive data. To mitigate these risks, Superior Resources Inc.'s security engineering team will architect, implement, and maintain a web application firewall solution that will fit the needs of your organization. Weighing the requirements of regulatory compliance, user demand, and business drivers, the Superior Resources Inc. solution will address all of your organization's concerns and secure your web applications.

Proxy Servers

There was a time when proxy servers were left to languish as old technology; they were considered out-dated and not fast enough to compete in the world of stateful-inspection firewalls and ASIC-based network security solutions. The latest generation of proxies has shattered those myths with near-wire speed service and extreme flexibility for content filtering. Are you considering a content filter that will be in high-demand for numerous users? Are you concerned about malicious software making its way into your network? Do you want a single point for logging and auditing? If your organization is facing any of these issues, a dedicated proxy platform may be the best solution.

Proxy servers operate on the premise of "store-and-forward." When a client wishes to access a site, for instance www.superiorresources.com, the client opens a local port, connects to the remote server on port 80, and asks for the webpage. In a proxied environment, the client connects to the proxy server first. The proxy then makes the final connection to www.superiorresources.com and asks for the webpage. The page is sent to the proxy server where it can be cached for faster access in the future or logged for audit trails. Finally, the page is returned to the original client.

It has been recognized that "store-and-forward" is a very secure means of connecting clients and their final destinations. The proxy server could perform antivirus, content screening, and any other tests or scans that the administrator deems necessary before the data ever reaches the client. Unfortunately, this style of connection has required a significant amount of processing and network overhead historically.

Due to advances in processor and network technology, proxy servers today can offer speeds that used to be reserved only for the most advanced stateful firewalls. Proxy servers can be placed in front of millions of users and can be relied upon to perform their duties at high-speed. When combined with antivirus and content screening, a proxy server can become the keystone in protecting your client PCs.

Superior Resources Inc.'s security engineers have extensive experience implementing proxy servers for wildly divergent environments. Regardless of your business requirements, Superior Resources Inc. can tailor a proxy solution to fit your needs. Through combination of an advanced, modern proxy server with antivirus and content filtering, Superior Resources Inc. can customize a solution for your environment that will meet the drivers of your industry and your specific networks.

Database Encryption

The information in an organization's databases is its lifeblood; disclosure or alteration of that data in many cases leads to serious financial repercussions. In combating the threats to sensitive databases, administrators must perform all of the same duties as with critical hosts: intrusion detection and prevention, patch management, password policies, and regular assessments. These duties become difficult when, for instance, there is no patch available. In these cases, database encryption solutions fill the void. Whether your organization requires encryption of the entire file system of the database server or encryption of individual columns within specific tables, Superior Resources Inc.'s team of security engineers will architect, implement, and maintain the database encryption solution that's the best-fit for you. Drawing on decades of practical, real-world engineering experience, our team will minimize the processing overhead and maximize the security benefits that your organization will realize from a database encryption solution.

SSL Accelerators

The lure of ecommerce draws many organizations to the Internet as a prime location for offering their goods and services. Unfortunately, ecommerce is also the number one target of attackers. To mitigate this threat, businesses using the Internet for secure transactions have turned to Secure Sockets Layer, SSL, to protect sensitive information. SSL provides a wrapper of encryption, but comes at a heavy CPU cost. In order to maintain consistent availability to ecommerce sites, organizations often employ SSL acceleration devices to handle the intensive mathematical computations required to provide security to customers. Superior Resources Inc.'s security engineering team is well versed in the details of SSL accelerators and will draw on practical, real-world experience when architecting, implementing, and maintaining your SSL acceleration solution.

Database Scanners

When assessing the security posture of a network, databases and their mission-critical information must be examined. Automated tools for scanning databases greatly reduce the amount of time this process requires. These tools look for common vulnerabilities in the database server configuration such as default usernames and passwords as well as look at each row and column of data. Many scanners will attempt to create and delete rows and columns as well as modify existing data using system default credentials. Parsing the output of a database scanner will require some time, but the results lead directly to enhanced security from corporate data theft. Superior Resources Inc.'s security engineering team is well-versed in the details of database security. Drawing on decades of practical, real-world engineering experience, the Superior Resources Inc. team will architect, implement, and maintain a database security solution to meet your organization's best-fit requirements.

Database Firewalls

In the age of corporate accounting standards and information privacy laws, data theft has consequences ranging from lost revenues to bad public relations to serious jail time for company officers. As databases are generally the central repositories of sensitive information, they are on the front-line of the continual assault by intruders. Database firewalls are absolutely necessary for any organization deploying database informational storage solutions. By limiting and controlling not only which hosts have access to the database but also what types of access are granted, database firewalls can mitigate many attacks that perimeter firewalls or access control lists may miss. Superior Resources Inc.'s security engineering team has decades of real-world, hands-on experience in database deployment and security. Weighing business drivers, best practices, and regulatory compliance, Superior Resources Inc.'s database firewall solutions provide your organization with the best in database security.

Secure Portal Access

The deployment of information portals brings enormous productivity gains: employees are able to immediately locate and access data that once was hidden away in some unknown network resource; document management is often built-in, allowing multiple authors for single documents with ease; administration of access rights is found in a single location. Along with all of these benefits, portals pose a potentially-serious security risk: nearly all corporate data is located in a single place. Due to this aspect of portal functionality, secure portal access solutions are an absolute requirement for any organization deploying a portal system. Superior Resources Inc.'s practical, real-world experience allows our security engineering team to architect, implement, and maintain the best-fit secure portal access solution for your organization.

Access & Identity Management

With the growth of e-business, organizations are wrestling with the challenge of managing secure access to information and applications scattered across a wide range of internal and external computing systems. Furthermore, they have to provide access to a growing number of users, both inside and outside the corporation, without diminishing security or exposing sensitive information.

As organizations evolve, the addition of new services requires user authentication at each of those business resources. The use of many disparate data sources for authenticating users creates IT environments that become burdensome or impossible to maintain. By consolidating and centrally locating your organization's user account information, these same environments become manageable.

Enterprise user information exists today in several disparate data stores. These data stores typically exist as NT Domains, Active Directory Databases, Novell Directory Services (NDS) and UNIX user databases. This user data can be brought together and synchronized with a central Directory Database (LDAP). Once this LDAP directory exists, all applications that are LDAP compliant can be authenticated against it.

Authentication Tokens

Organizations face many choices when choosing what to use as authenticating devices for access to crucial systems and data. There are three categories that authenticating information falls under: what you have, what you are, and what you know. A password is an example of what you know; biometric authentication schemes (for instance, retinal scans) come under what you are; a security token device is something you have. Some businesses choose to go with a single authentication mechanism, but attackers in today's environment are increasingly sophisticated. The advent of springboard attacks, keyloggers, and trojans now requires the use of two-factor authentication for network access. The combination of more than one authenticating technique is vital to prevent unauthorized disclosure of data. One of the most cost-effective and user-friendly two-factor authentication schemes is the combination of passwords with an authentication token.

There are multiple varieties of authentication tokens. One of the most common consists of an LCD screen that shows a number which rotates on a schedule based on a key that is shared with a centralized server. When a user is prompted to log in, they are required to provide their username, password, and the number that the token is showing at that moment. Encased in a tamper-proof shell, these tokens have a large installed user base and have proved effective as security enhancements all over the world.
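The server side of the rotating-number token described above, as an added example that is not from the original page or from any token vendor. The page names no algorithm, so this sketch assumes the open TOTP standard (RFC 6238, HMAC-SHA1, 30-second step); `TokenServer`, its fields, and the sample key are hypothetical.

```python
import hashlib
import hmac
import os
import struct

STEP = 30      # seconds each displayed number stays valid (assumed, RFC 6238 default)
DIGITS = 6     # digits shown on the token's screen (assumed)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float, digits: int = DIGITS) -> str:
    """The number the token displays at Unix time `now`."""
    return hotp(key, int(now) // STEP, digits)


class TokenServer:
    """Checks both factors: the password (know) and the token code (have)."""

    def __init__(self):
        self.users = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, username: str, password: str, token_key: bytes) -> None:
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "pw": self._hash(password, salt),
            "key": token_key,       # the key shared between token and server
            "last_step": -1,        # last time step accepted, for replay defence
        }

    def login(self, username, password, code, now, drift=1) -> bool:
        user = self.users.get(username)
        if user is None:
            return False
        pw_ok = hmac.compare_digest(self._hash(password, user["salt"]), user["pw"])

        # Accept the current step plus `drift` steps either side to tolerate
        # clock skew, but never a step at or before one already used.
        current = int(now) // STEP
        matched = None
        for step in range(max(0, current - drift), current + drift + 1):
            expected = hotp(user["key"], step).encode()
            if step > user["last_step"] and hmac.compare_digest(expected, code.encode()):
                matched = step

        if not (pw_ok and matched is not None):
            return False
        user["last_step"] = matched   # burn the code so a captured one cannot be replayed
        return True


if __name__ == "__main__":
    key = b"12345678901234567890"    # constructed sample key (RFC 6238 test key)
    server = TokenServer()
    server.enroll("alice", "correct horse", key)
    t = 1111111109
    print(server.login("alice", "correct horse", totp(key, t), t))   # first use
    print(server.login("alice", "correct horse", totp(key, t), t))   # replayed code
```

The replay check is what blunts a keylogger: a code captured at login is already burned by the time it could be reused.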

Smart cards are another variety of authentication token that rely on embedded chips within a credit card-sized plastic encasement. There are three varieties of smart card, each with a different level of capability. For identity management, only CPU-based smart cards with PKI capabilities are important. These smart cards are capable of housing digital certificates and using them for authentication as well as encryption and decryption of sensitive material. Smart cards offer a wide range of flexibility and functionality but suffer due to their requirement of a dedicated reading device.

One of the most recent developments in authentication tokens, USB-based smart cards look similar to USB keychain storage devices. Inside, they contain the same PKI abilities as their larger smart card cousins. These USB authentication tokens do not require specialized readers, thus removing a difficult and painful step in the roll-out process.

The security engineering team at Superior Resources Inc. is prepared to architect and implement an authentication token solution that fits the specific needs of your organization. Weighing the deployment costs, regulatory compliance, and business drivers, Superior Resources Inc.'s solution will address all of your concerns without breaking your budget. The practical, real-world experience of the Superior Resources Inc. engineers assures that your authentication token implementation will exceed all of your expectations.

Biometrics

Two-factor authentication greatly increases the security of critical systems and data. Rather than simply providing a password which could be guessed, logged, or otherwise captured, users are required to offer two forms of identification to the authentication service before gaining access. In the field of biometrics, a user is typically required to offer a password as well as a fingerprint, thumbprint, handprint, or retinal scan. Superior Resources Inc.'s security engineering team possesses real-world implementation experience in rolling-out biometric solutions. By weighing business needs, best practices, and regulatory compliance concerns, Superior Resources Inc. will architect, implement, and maintain the best-fit biometric solution for your organization.

Digital Certificates

When considering two-factor authentication, digital certificates provide a powerful tool and are easy to use from a user's perspective. Additionally, digital certificates are used for file and document encryption, email security, VPN and remote access encryption, as well as web security solutions. Rolling out digital certificates across an enterprise can be a difficult and challenging task. Superior Resources Inc.'s team of security engineers possesses practical, real-world experience in digital certificate architecture, implementation, and maintenance. Superior Resources Inc.'s digital certificate solution will provide your organization with an enhanced security posture.

Single Sign-On (SSO)

The preponderance of custom applications within networks made of heterogeneous systems leads to an enormous number of credentials that users must supply. When combined with two-factor authentication, the difficulty of maintaining a unified user authentication system grows exponentially. Single sign-on solutions integrate all of the applications and systems on a network into a single authentication scheme. Users supply their credentials (whether they're two-factor or a regular password) one time and are not asked again for the remainder of their session. Superior Resources Inc.'s security engineers are seasoned experts at deploying large and small-scale single sign-on solutions. By examining carefully the contents of your network, systems, and custom applications, Superior Resources Inc. engineers will architect, implement, and maintain the best-fit single sign-on solution for your organization.

Password Management

Passwords are the keys to most organizations' confidential data. Managing users' passwords across a distributed enterprise on a multitude of platforms and systems requires either limitless time or a unified password management solution. Superior Resources Inc.'s security engineers possess real-world, practical experience in architecting and implementing password management systems. Superior Resources Inc.'s solutions will make available to your network administrators an easier, more secure password management platform that will increase your overall security posture.

Directory Services

As an organization grows, its needs for user management change significantly; the standard tools, good for a few hundred users, are entirely impractical when considering thousands upon thousands of users distributed across the globe. Directory services solutions provide IT personnel with easy reporting, monitoring, and administration of an enormous user population. With the ability to assign limited administrative roles to departmental heads and other business process owners, the IT department is able to reduce its workload for tasks such as password changes and granting access to departmental data. Architecting and implementing a directory services solution requires the practical, real-world experience of the Superior Resources Inc. security engineering team. Weighing business drivers, best practices, and regulatory compliance concerns, Superior Resources Inc.'s directory services solution will be a best-fit for your organization.

AV, Email & Content Security

Threats to information systems are not limited to deliberate attacks. With the spread of worms and viruses, peer-to-peer file sharing and instant messaging, and insecure email and inappropriate content, organizations must implement defenses that are capable of stopping inadvertent misconduct as well as obvious attacks. Are peer-to-peer applications making use of your network for illegal file transfer? Are your systems infected with viruses, worms, or malware? Are your employees visiting sites that may result in legal liability for the organization? Without proper content security solutions in place, it is impossible to answer these questions quickly and accurately.

The workhorse of the content security arena is the venerable antivirus application. While many administrators view AV as a turn-key solution, there are many more details to be considered when choosing and deploying an antivirus product. Is centralized management, logging and reporting important to your organization? Will all of the email clients in use integrate with a particular AV solution? What is the process for scanning systems that have been off of the network, for instance mobile laptops and PDAs? Superior Resources Inc.'s security engineers are prepared to assist your organization in answering these questions and in architecting the best-fit antivirus solution for your business.

Email is a mission-critical application for almost every organization in today's world. Any threat to the usefulness of email is a direct threat to productivity. The preponderance of spam that can clog an inbox in minutes is enough to make even the most dedicated employee find alternate routes for communication and thus bypass AV and other filters. These reasons combine to make spam a serious threat to security and to business. Anti-spam technology is a field undergoing rapid development and Superior Resources Inc. stands ready to guide our customers to the best-fit choice by weighing best practices and business drivers.

There was a time when web-based threats were relatively unimportant because few employees had or needed web access. That time has passed as the employees of today require web access to perform research, gather contact information, and engage in other business tasks. While the web brings great information resources, it can also serve as a vector for harmful and offensive content. Organizations must be mindful of what their employees are visiting both for legal and technical reasons. The field of web content filtering has seen rapid improvements of late and Superior Resources Inc. has closely followed these developments. Superior Resources Inc. is prepared to offer the latest and industry-greatest in web content filtering.

Content security is a vast space and is growing quickly. Organizations can count on the expertise and experience of Superior Resources Inc.'s security engineers to provide architecture, implementation, technical support, managed services, and training on all aspects of content security. With the serious threats to confidentiality and integrity posed by viruses, worms, malware, spam, and malicious web content, content security is an integral piece of complete security architectures.

Anti-Virus

Defending the endpoints of a network is a mission-critical task for information technology departments in today's threat environment. Antivirus solutions are the cornerstone of desktop defense. While installing and maintaining AV on a single desktop may be an easy enough task, the distributed management of thousands of endpoints all utilizing antivirus software in need of updates and maintenance can quickly become troublesome for administrators. Superior Resources Inc.'s robust antivirus offerings and in-depth experience will sweep away your virus, worm, and malware-related troubles through the architecture, implementation, and maintenance of a best-fit antivirus solution.

Anti-Spam

Most employees use email more than any other network application. Email is truly the killer-application for interconnected business networks. It has been estimated that 40% of all Internet email traffic is spam, or unsolicited commercial advertisement. With such an enormous volume, spam has the potential to destroy the usability of email. Fortunately, the anti-spam market is burgeoning with products capable of mitigating the torrent of unwanted email and returning your communications systems to usefulness.

Products for spam filtering take extremely diverse approaches in how to identify and remove spam. One of the first methods devised, blacklisting at the router or firewall provides some protection from spam. There are multiple organizations that maintain lists of known spam-related networks. These lists are available for free and can be imported into most major firewall and routing platforms to block connections before they ever reach the mail server. Many times, these lists will be overly broad and legitimate connections may be prevented.

Similar to antivirus and intrusion detection and prevention, anti-spam can also make use of signatures. Known spam emails can be condensed into signatures containing exact numbers of characters. If an email comes through that matches the signature, it can be dropped. Spammers are aware of signature-based filtering and defeat it by inserting random text into their emails which throws off the signature count. Despite this work around, signature-based spam filters can be very effective on a large amount of spam.

Heuristic analysis of email, like that of viruses and intrusion detection, looks for known patterns that are common in spam messages. Many spam messages contain a large number of uppercase letters, exclamation points, and re-used phrases. Messages containing a certain threshold of patterns will be dropped by a heuristic filter.

Blacklists, signatures, and heuristic analysis can be implemented at the server or on the workstation. Bayesian filtering, the latest in anti-spam technology, requires the interaction of the user. Users "tag" messages as spam when they arrive and leave legitimate messages alone. The Bayesian filter calculates a probability for each word based on the number of times it occurs in spam and the number of times it occurs in non-spam. After being "trained," the Bayesian filter is one of the most accurate and effective measures in combating spam.
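The per-word probability calculation described above, as an added example that is not from the original page or any product. It assumes Laplace smoothing, equal prior odds, and counting a word once per message; the class name and the training messages are constructed for illustration.

```python
import math
import re
from collections import Counter

WORD_RE = re.compile(r"[a-z0-9']+")


def tokenize(text: str) -> set:
    """Lower-cased distinct words; a word counts once per message (assumption)."""
    return set(WORD_RE.findall(text.lower()))


class BayesianSpamFilter:
    def __init__(self):
        self.spam_counts = Counter()   # word -> number of spam messages containing it
        self.ham_counts = Counter()    # word -> number of non-spam messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text: str, is_spam: bool) -> None:
        """What happens when a user tags a message as spam or leaves it alone."""
        words = tokenize(text)
        if is_spam:
            self.spam_counts.update(words)
            self.n_spam += 1
        else:
            self.ham_counts.update(words)
            self.n_ham += 1

    def word_spam_probability(self, word: str) -> float:
        """P(spam | word), smoothed so no word is ever scored exactly 0 or 1."""
        p_word_spam = (self.spam_counts[word] + 1) / (self.n_spam + 2)
        p_word_ham = (self.ham_counts[word] + 1) / (self.n_ham + 2)
        return p_word_spam / (p_word_spam + p_word_ham)

    def spam_probability(self, text: str) -> float:
        """Combine the per-word probabilities in log-odds space."""
        log_odds = 0.0                 # equal priors: start at even odds
        for word in tokenize(text):
            if word not in self.spam_counts and word not in self.ham_counts:
                continue               # never-seen words carry no evidence
            p = self.word_spam_probability(word)
            log_odds += math.log(p) - math.log(1.0 - p)
        log_odds = max(-50.0, min(50.0, log_odds))   # avoid overflow in exp()
        return 1.0 / (1.0 + math.exp(-log_odds))


def build_demo_filter() -> BayesianSpamFilter:
    """Train on a small constructed corpus standing in for user tagging."""
    f = BayesianSpamFilter()
    for msg in (
        "WIN a FREE prize now!!! Click here",
        "Cheap meds, free shipping, click now",
        "You have won a free lottery prize",
        "Limited offer: click here for free money",
    ):
        f.train(msg, is_spam=True)
    for msg in (
        "Meeting moved to 3pm, see agenda attached",
        "Please review the firewall change request",
        "Lunch on Friday? Free after the audit meeting",
        "Here is the quarterly audit report",
    ):
        f.train(msg, is_spam=False)
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("Click here to claim your free prize",
                "Please review the audit report before the meeting"):
        print(f"{f.spam_probability(msg):.3f}  {msg}")
```

Note that "free" appears in one legitimate message, so it is weighted rather than treated as an automatic hit, which is the difference from a fixed heuristic pattern.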

Another developing anti-spam measure is the challenge-response model. When this solution is implemented, a sender must be on the receiver's "white list" to get through the filter. If the sender is not on the "white list," the receiver's mail server dispatches a message asking for confirmation. Upon confirmation from the sender, the message is forwarded to the receiver. This method is time-consuming and can be difficult for untrained users.

The Anti-Spam field is changing rapidly. Superior Resources Inc. continually partners with new industry leaders to continue to provide the best in anti-spam solutions to our customers. Using a combination of technologies and best-of-breed products, Superior Resources Inc. can architect, implement, support, and manage anti-spam solutions as well as offer training.

Web Content Filtering

The web offers boundless opportunities for employees to enhance their productivity in the workplace. Unfortunately, with the benefits of interconnectedness come security and legal liabilities. Network administrators are often faced with shortages in bandwidth and other resources; what if a majority of the usage is illegitimate? What if much of the traffic is inappropriate and creates potential legal liabilities? Are employees skirting the company email policy and using external web mail? What percentage of time is wasted on non work-related websites? These questions must be answered and web content filtering is the logical starting point.

Many organizations have solidified email policies regarding retention and privacy as well as confidentiality. With the preponderance of free web email services however, employees can easily bypass security controls at the email server in favor of communicating out-of-band. These conversations could be as simple as personal correspondence, but could easily be confidential corporate data. Preventing or restricting access and attachments to web mail is paramount in maintaining confidentiality of corporate data.

Inappropriate browsing is a serious issue in the modern workplace. Employees who surf to websites containing pornography, hate speech, or any other objectionable content are not only wasting time but could also be a legal and PR liability. How would it look on the front page for your IP addresses to be in the logs of sites purveying smut? And can your organization afford a lawsuit for sexual harassment? This remains a key driver in web content filtering, as it has always been, but today the technology has advanced significantly.

The original web filtering was accomplished by blocking web addresses with certain keywords. This was easily bypassed through the use of anonymous proxy servers or direct IP access to websites. To combat these workarounds, content filtering began using blacklists compiled by filtering vendors and other organizations. In addition to the standard blacklist of websites that contain objectionable material, the newest filters can inspect images for evidence of too many skin tones, re-write URLs to prevent bypassing the filter, and flag sites that may be out of the usual range of employee use.

The images, videos, and words of objectionable sites are bad enough, but in addition many of the same sites also embed spyware, adware, viruses, and other undesirable applications. The triple threat of lost productivity, system attack, and legal liabilities creates an environment where organizations must define and enforce a web usage policy.

Superior Resources Inc.'s background and expertise in web content filtering allows our security engineers to design a unique logical and technical solution to your web content problems. By implementing web content filtering solutions, Superior Resources Inc.'s clients have realized productivity increases and heightened security. Superior Resources Inc. can combine our experience and the drivers of your business with any combination of web filtering technologies to deliver the customized content that your organization needs to thrive.

Instant Messaging Control

With regulatory compliance and corporate data theft as rising concerns, administrators must face one of the largest, uncontrolled communication vectors: instant messaging. The leading IM providers boast millions of subscribers and provide IM clients free of charge. These clients possess port agility: the ability to send and receive traffic across any allowed port, including ports 80, 25, 110, 23, and other commonly open TCP ports. Users can connect to instant messaging services and transmit sensitive internal data, waste productive time, and receive viruses, malware, and worms. These threats must be mitigated within effective security architectures. To accomplish this task, Superior Resources Inc. has integrated best-of-breed IM control solutions into our product and services offerings. The Superior Resources Inc. security engineering team will architect, implement, and maintain an IM control solution that will prevent data theft, stop virus propagation, and provide your organization with a best-fit integration to monitor IM activity.

Proxy Servers

There was a time when proxy servers were left to languish as old technology; they were considered out-dated and not fast enough to compete in the world of stateful-inspection firewalls and ASIC-based network security solutions. The latest generation of proxies has shattered those myths with near-wire speed service and extreme flexibility for content filtering. Are you considering a content filter that will be in high-demand for numerous users? Are you concerned about malicious software making its way into your network? Do you want a single point for logging and auditing? If your organization is facing any of these issues, a dedicated proxy platform may be the best solution.

Proxy servers operate on the premise of "store-and-forward." When a client wishes to access a site, for instance www.superiorresources.com, the client opens a local port, connects to the remote server on port 80, and asks for the webpage. In a proxied environment, the client connects to the proxy server first. The proxy then makes the final connection to www.superiorresources.com and asks for the webpage. The page is sent to the proxy server where it can be cached for faster access in the future or logged for audit trails. Finally, the page is returned to the original client.

It has been recognized that "store-and-forward" is a very secure means of connecting clients and their final destinations. The proxy server could perform antivirus, content screening, and any other tests or scans that the administrator deems necessary before the data ever reaches the client. Unfortunately, this style of connection has required a significant amount of processing and network overhead historically.

Due to advances in processor and network technology, proxy servers today can offer speeds that used to be reserved only for the most advanced stateful firewalls. Proxy servers can be placed in front of millions of users and can be relied upon to perform their duties at high-speed. When combined with antivirus and content screening, a proxy server can become the keystone in protecting your client PCs.

Superior Resources Inc.'s security engineers have extensive experience implementing proxy servers for wildly divergent environments. Regardless of your business requirements, Superior Resources Inc. can tailor a proxy solution to fit your needs. Through combination of an advanced, modern proxy server with antivirus and content filtering, Superior Resources Inc. can customize a solution for your environment that will meet the drivers of your industry and your specific networks.

File & Document Security

Confidential corporate documents must not be disclosed by their very nature, but with the added concerns of regulatory compliance, there may be harsh penalties for failure to restrict certain types of access. Network administrators can be confident that their secret information remains so through the implementation of file and document security solutions. By creating "fingerprints" of information, document security can prevent malicious insiders from leaking financial documents, payroll, human resources, business plans, and any other type of information. Without a properly-implemented file and document security solution, organizations are wide open to data theft issues and the potential repercussions.

Superior Resources Inc. will architect, implement, and maintain a file and document security solution that will address the needs of your specific organization while still complying with regulations and best practices. Superior Resources Inc.'s thorough background as a holistic security solutions provider provides our customers with the best in file and document security solutions.

Adware / Spyware

Businesses rely on their employees to maintain productivity, and employees, in turn, rely on their computing assets. The rapid propagation of adware, unwanted applications which spam users with advertisements, has diminished the availability of computing resources and thus had a direct impact on the productivity of employees in countless organizations. Further, adware comes in many varieties, including applications which steal passwords, log actions, and generate spam email.

These malicious activities can compound to utilize all of the resources of a user's workstation and render the system worthless for business purposes. Solving your adware problems will be members of Superior Resources Inc.'s security engineering team, staffed by experts with thorough backgrounds in desktop, network, and enterprise security. Superior Resources Inc.'s adware solutions integrate the needs of your business with best practices and regulatory requirements to provide your organization with a system that is easy to manage and efficient.

Intrusion Detection & Prevention

The fields of Intrusion Detection and Prevention were created from the business need to intercept potential intrusions and treat them differently than network configuration errors and other log-generating problems. While good network administrators can identify the odd traffic that an exploit may generate, most networks are far too busy to be constantly monitored, even by a team of experts. Security professionals are often asked questions like "How many attacks are being prevented on a daily basis?" "Are attacks occurring on the internal network?" "What can we do to stop attacks we don't know about yet?" To address these issues an automated system capable of inspecting all network traffic is an absolute requirement.

SANS reports that the average time between attacks is 17 minutes. For large networks that encompass many IP addresses, this interval can be cut in half. Intrusion Detection and Prevention are key elements in a layered defense model. While a firewall can block the attacks you know about, an Intrusion Detection or Prevention system can identify and stop attacks that very few people know about yet. It is precisely this ability to combat the unknown that makes IDS and IPS integral to any successful security implementation.

The best hackers maintain arsenals of tools that would be the envy of many involved in network security. The majority of these applications are custom-developed and designed to take advantage of vulnerabilities that haven't even been disclosed to software developers and vendors, much less the general public. Many of the risks posed by such "0-day" exploits can be mitigated with Intrusion Detection and Prevention devices which can monitor for traffic that is "out of the ordinary."

The risks faced by networks today are significantly greater than at any point in the past due to the rapid proliferation of worms and other malware. Most network administrators maintain a busy schedule even without the added stress of constantly modifying firewall rules to stay on top of the latest outbreaks. With an IDS or IPS solution, the valuable time of senior engineers can be put to better use elsewhere while the risks from internal and external sources are highly curtailed.

The security engineers of Superior Resources Inc. have extensive experience with IDS and IPS solutions. By integrating the needs of an organization with best practices, Superior Resources Inc. can provide any customer with architecture, implementation, technical support, managed services, and training for Intrusion Detection and Prevention. Regardless of the business vertical, Superior Resources Inc. is capable of providing a best-fit solution that will suit your needs.

Network IPS

A Network Intrusion Prevention System (NIPS) is an active component required in any security architecture. NIPS provide network administrators with a valuable tool in combating the thousands of probes, scans, and attacks that cross a network every day. As the threat environment diversifies to include internal as well as external threats, a distributed NIPS implementation will give administrators comfort when reading about the latest and most damaging worms, viruses, and malware.

Deployed throughout the network topology wherever there is a chokepoint (router, firewall, or other gateway), NIPS are implemented as "taps" which connect to the network and pass traffic like a gateway. A NIPS will examine the traffic and determine if it is a viable, allowable data flow or if it is anomalous. If it is the latter, pre-defined actions take place, ranging from logging the activity to stopping the occurrence completely. When deployed at the edge of the network, IPS is even able to perform "islanding" of the network by completely stopping all traffic to and from the Internet if such a response is deemed necessary by administrators.

A NIPS can utilize several methods to determine if traffic is undesirable. The most basic of these forms is a rule base similar to the ones found in firewalls. For well-known attacks and obvious port scans, rules are a quick way to remove processing overload and still prevent intrusions. Some NIPS implementations utilize attack signatures as the next line of defense. These signatures are similar to virus definitions and allow the NIPS to perform pattern-matching between what is known as an attack and the traffic that is traversing the network. Finally, some NIPS solutions allow for heuristic analysis of network traffic. By creating a baseline of what is considered "normal" activity, the NIPS can then compare to the baseline whenever traffic has been allowed via the rules and the signatures. If the baseline traffic and the current traffic differ, the current traffic can be logged or halted.

Network Intrusion Prevention is a rapidly growing field and Superior Resources Inc. maintains premiere partnerships with industry leaders. Superior Resources Inc. security engineers can aid any organization in architecting a NIPS solution and can follow up with implementation, technical support, managed services, and training. Superior Resources Inc.'s dedication to best practices security architecture gives us the edge in designing the most responsive solutions for any business vertical.

Host IPS/IDS

Due to the rapid and destructive proliferation of adware, spyware, worms, and viruses, computing resources at the end-point are in grave danger. Workstations, laptops, even PDAs and cell phones have become the targets of vicious applications intended to spam users with unwanted ads, leak confidential information, or use the system's bandwidth and resources for illegal activities. The old solution to these problems was to only grant Internet access to a few employees. With today's reliance on connected organizations, this is no longer an option. From this complex and demanding problem comes the field of Host Intrusion Prevention Systems (HIPS).

HIPS manifests itself as an application installed on any end-point system, including clients and servers. This application may take the form of an "agent" which obtains its policies from a centralized management server, or the end-point may be set up with a stand-alone configuration. The agent-based solution provides easy management of thousands of distributed clients and allows centralized logging and reporting. When selecting a HIPS solution, it is imperative that compatibility be confirmed, as each vendor supports only certain operating systems.

Once installed on a system, HIPS creates a baseline of normal activity, profiling the system and its applications. Once HIPS has completed its "learning," enforcement of the baseline actions begins. Under this enforcement, any application that behaves differently than its routine can be logged or stopped. In extreme cases, the entire system could be isolated from the rest of the network until support personnel could solve the problem. By assuming that any change is unwanted, HIPS can protect against unknown exploits and vulnerabilities. Systems are only allowed to function within the narrow parameters defined during deployment of the HIPS.

HIPS provides systems administrators with an incredibly valuable tool for ensuring that system configurations remain constant and that new and unknown attacks cannot compromise sensitive systems. Corporate data theft, misuse, and virus propagation can all be mitigated through proper implementation of well-secured HIPS solutions.

Superior Resources Inc.'s security engineers have followed the developments in the Host Intrusion Prevention space very closely and have been at the forefront of implementation for industry leaders. Superior Resources Inc. is prepared to offer any organization the expertise it needs to select and implement a HIPS solution to fit any business requirements.

Network IDS

With the increasing number of devices on corporate networks, the sheer amount of network traffic has skyrocketed. Where administrators could once reasonably watch traffic and detect anomalies themselves, the volume and complexity of today's network traffic require dedicated systems to perform this task. Network intrusion detection systems inspect all of the traffic traversing their logical segment and flag any traffic that appears to be malicious. This variety of intrusion detection is capable of seeing network attacks from the inside and the outside. Some systems are also able to send TCP resets to stop intrusion activity.

Superior Resources Inc.'s security engineering team understands all of the complexities of network intrusion detection system deployment. Weighing your needs against best practices and business drivers, Superior Resources Inc. will architect, implement, and maintain the best-fit network intrusion detection system for your organization.