Error: no file object

There is no 100% security!

Nevertheless: Your IT infrastructure and the information processed with your IT systems are a central part of your company today. It is all the more important to protect your systems and the data on them appropriately. The protection level should always correspond to the data and security categories to be protected. At the same time, you should take an eye for security: The IT security concepts and regulations must fit your company and your structures!

  • IT-LINUXMAKER ensures the protection of the competencies on which your company depends.

  • You will receive an independent check of your IT security conditions.

  • We check your individual risk and danger situations.

  • In this way, you gain increased trust from your customers and your potential customers (image gain) with more IT security.

  • Independent review
    Let IT-LINUXMAKER check your IT security level and take advantage of the confirmation of an appropriate IT security level.

  • Low costs
    IT-LINUXMAKER ensures that the specialist knowledge of IT security for your own employees must be trained and continuously advanced. Buy qualified employees from us who keep your specialist knowledge up-to-date through your day-to-day work, thereby minimizing the costs that may arise from a lack of IT security.

  • Transparency
    Create transparency with us and inform your employees and colleagues about various rights, maintenance, logging. Design with us your employee and customer contracts so that the implementation and guarantee of IT security in everyday company life is possible.

  • Timeliness
    In the digital world in particular, requirements and regulations are changing at a rapid pace. Keep yourself and your network structures up to date, because outdated systems and structures offer increased attack potential.

  • Pentesting
    Use our pentesting examinations for your network. This enables us to uncover and close security gaps in your IT infrastructure as quickly as possible.

Detect and ward off cyber attacks

Major threats to businesses include brute force attacks, password theft, unpatched vulnerabilities, and other network-based device attacks. Attacks via e-mail also remain a major problem: The finance department and the top management levels in marketing and HR are the main objectives of spear phishing e-mails, with the safety rules being the most frequently violated by the management at 57%.
Some of the biggest threats and attacks that target businesses - regardless of size and industry affiliation - involve Internet-based services such as RDP (Remote Desktop Protocol), SSH, SMB and HTTP. Brute-force attacks on RDP services account for over 65 percent of all network-based attacks, according to Bitdefender telemetry.

Cyber ​​criminals often probe Internet-enabled services and endpoints for RDP connections that someone outside the company can dial in remotely. Once on the target computer, they try to shut down the security solution and manually implement threats such as ransomware or lateral movement tools to infiltrate additional computers within the infrastructure.

If the RDP is not properly configured and secured, it can act as a gateway within the company and allow intruders to access sensitive internal resources. Brute forcing of passwords is one way to get information such as log-in data or even send multiple distributed requests to a server to search for valid access data.

Attempts are also made to exploit unpatched vulnerabilities in RDP services to remotely execute code and gain control over these gateways.
This type of attack is industry-independent - the company only needs to operate a publicly accessible server. If successful, attackers can move laterally across the infrastructure and compromise other servers or endpoints. This enables them to achieve persistence, to access and exfiltrate highly confidential data or to use malware that paralyzes the company or blurs traces.
Threat actors also prefer attacks that target web servers through SQL or command injection. You can activate functions for executing code on the machine and use it as a gateway or pivot point for lateral movements within the company.

Likewise, SMB exploits - they have become a common attack tactic for cyber criminals, since SMB servers are often based on Windows domain-based network architectures, so that all employees can copy documents from these network shares. By exposing these small and medium-sized servers to exploits such as EternalBlue or DoublePulsar, attackers can use them as entry points.

 

Technical details with penetration tests, SELinux, AppArmor

Penetration tests

IT-LINUXMAKER specializes in the detection of wireless attacks, man in the middle attacks, SQL injections, cross-site scripting, denial of service (DoS) and DDoS (distributed denial of service). Since here mostly configured network structures and the increase in network devices (SmartPhones, laptops), so that the increase in the weak points of the software used are reasons for the increase in cyber attacks, IT-LINUXMAKER analyzes your IT infrastructure and the devices and software used for possible known chess sites. If necessary, we also carry out penetration tests in order to be able to assess the weak points from the perspective of a potential attacker. Any weaknesses found will be closed or rectified in consultation with us.

A penetration test is the technical term for a comprehensive security test of individual computers or networks of any size. A penetration test in information technology means the testing of the security of all system components and applications of a network or software system, using means and methods that an attacker (hacker) would use to penetrate the system without authorization (penetration). The penetration test thus determines the sensitivity of the system to be tested against such attacks. An essential part of a penetration test are tools that help to simulate as many attack patterns as possible that are developed from the numerous known attack methods.

SELinux (Security-Enhanced Linux)

In the server environment, IT-LINUXMAKER uses SELinux (Sercurity-Enhanced Linux) in addition to the conventional server safeguards. This is an extension of the Linux kernel and implements access controls on resources in the sense of mandatory access control. SELinux is open source software and consists of a kernel patch and numerous extensions for system programs. There is a so-called policy for setting the rules. Most distributions offer special SELinux policy packages for their programs, which extend the policy by the respective program.

AppArmor

Another security approach that IT-LINUXMAKER pursues is AppArmor (Application Armor) is a free security software for Linux that can be used to individually assign or revoke certain rights to programs. The Mandatory Access Control (MAC) is also implemented with this extension. Just like SELinux, the software uses the Linux Security Modules interface. It runs as a kernel module and directly controls the access rights of the individual processes at the highest system level. This preventive protection is intended to protect applications from security holes that are not yet publicly known, so-called zero-day exploits. Profiles with individual security guidelines determine which access a program needs to work normally.


IT service and IT consulting

The digitization of business life, essential production processes and private life is in full swing. At the same time, threats from server failures, viruses and cybercrime are increasing. The whole thing is reinforced by neglecting IT security both in the private sphere and in the business world. Protective mechanisms that are really necessary are usually only considered when the damage has already occurred and the restoration of the IT infrastructure has caused enormous costs.
Linux offers you a secure basis in your IT infrastructure right from the start. On the one hand, because it has always been conceived as an operating system geared towards network operation. On the other hand, because the free availability of the source code makes the possibility of defective or misused functions almost impossible. In addition, “Open Source” has always meant permanent improvement by innovative specialists from all over the world. In the meantime, more and more users trust Linux, which among other things provides the kernel for the numerous Android installations, including companies and institutions such as Siemens, BMW, Lufthansa, Deutsche Post AG, Greenpeace and state institutions including the Federal Commissioner for Data Protection.
You are a company, a medium-sized company, a craft company, a sole trader with the appropriate IT infrastructure and you want to fully satisfy your customers with your products. Or you are a private individual with corresponding support requests. Your IT infrastructure should work reliably around the clock. As an expert in this field, IT-LINUXMAKER can protect your information effectively and quickly. With the services of IT-LINUXMAKER you secure your competitive advantage through the stability of your IT infrastructure and your data.

The support contracts from IT-LINUXMAKER are the ideal plus for your IT or development department. IT-LINUXMAKER supports you in all situations related to Linux with administration, monitoring, configuration, troubleshooting and script programming. Where your IT infrastructure is located, how large it is or how many users work in it does not matter for IT-LINUXMAKER.

Checklists - safe digital work

Since the beginning of the corona pandemic, many companies have also been organizing their work via home office regulations. The tips from IT-LINUXMAKER in a practical checklist format show what needs to be considered.

You can find all checklists for safe digital work here:

Secure passwords with the password card

Generate secure passwords of any length with the passwort card. You can check it out here.

 

Fee

Our fees depend on the service/product and the scope. Therefore, we can only state our fees in an offer if we already know your request.

 

Consultation request