Announcing AWS Quick Start Reference Deployment for VNS3

Announcing AWS Quick Start Reference Deployment for VNS3

by | Jun 28, 2019 | AWS, DevOps, HIPAA

Want a HIPAA/HITECH compliant application deployed to AWS in minutes? Read on!

We’re proud to announce the release of our first AWS Quick Start reference deployment for configuring and launching our VNS3 overlay network for your cloud application. Working closely with Amazon we’ve leveraged the proven power of AWS CloudFormation to take our secure and scalable solution and make it even more accessible. With our Quick Start deployment, VNS3 can easily secure your cloud application to HIPAA and HITECH standards in as few as fifteen minutes, supported by best practice tools and strategies for automating your infrastructure deployments.

Check out our Quick Start Guide here! Keep reading for more information about this release.

VNS3 AWS Quickstart Architecture

Save Time

Our Quick Start was built by AWS and Cohesive Networks solutions architects to help you automatically deploy a VNS3 topology quickly and easily. Don’t worry about high availability and security, we’ve included it for no extra charge! Build your production deployment fast and start using it now.

Reduce Complexity

Simple (not to be confused with simplistic) is secure. VNS3 provides a generalized approach to encryption across your cloud deployment. This enables you to field a clean VPC Route Table and Security Group configuration to reduce attack surface and minimize misconfigurations.

Control Encryption

AWS provided and controlled, symmetric encryption with common shared keys isn’t enough for regulated industries. Customer controlled encryption with VNS3 is essential to securing PII/PHI in order to pass HIPAA audits. VNS3 as demonstrated in this Quick Start Guide provides a simple and programmatic way for achieving HIPAA compliance.

Added Bonus

Do you use blocked protocols like UDP multicast? The VNS3 encrypted overlay network deployed by this guide allows you to redistribute UDP multicast within your AWS VPC deployment. Now you can apply the same design principles to your cloud applications, whether designing cloud native or lifting and shifting.

Moving Forward

Following the successful launch of our first AWS Quick Start Guide, we’re excited to move forward and create new reference deployments for all the various use cases VNS3 supports. We’re cooking up AWS Quick Start Guides that deal with more complex peered VNS3 topologies, demonstrating different High Availability and Network Federation capabilities. We are also working on an Azure QuickStart template for deploying the encrypted Overlay Network for Microsoft Windows VMs later this summer.

An intro to Internet Protocol Security

by | Nov 8, 2017 | Networking Fundamentals, Security

IPsec: Internet Protocol Security

Internet Protocol Security ( IPsec ) is a set of protocols defined by the IETF, to provide IP security at the network layer. IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.

You can use IPsec to protect data between:

  • a pair of hosts (host-to-host),
  • a pair of security gateways (network-to-network),
  • a security gateway and a host (network-to-host).

IPsec is end-to-end, operating at Layer 3 (Network). Only IPsec protects all application traffic over an IP network. Using IPsec networks can ultimately secure applications from the IP layer. For comparison, other Internet security systems operate in the upper layers: Transport Layer Security (TLS) operates at Layer 4 (Transport Layer) and Secure Shell (SSH) at Layer 7 (Application layer).

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It’s the network protocol used to deliver virtually all files and other data ( called resources) on the Web. HTTP takes place through TCP/IP sockets.

A browser is an HTTP client because it sends requests to an HTTP server (Web server), which then sends responses back to the client. The standard (and default) port for HTTP servers to listen on is 80, though they can use any port.

What are “Resources”?

HTTP is used to transmit resources, not just files. A resource is some chunk of information that can be identified by a URL (it’s the R in URL). The most common kind of resource is a file, but a resource may also be a dynamically-generated query result, the output of a CGI script, a document that is available in several languages, or something else.

Structure of HTTP Transactions

Like most network protocols, HTTP uses the client-server model: An HTTP client opens a connection and sends a request message to an HTTP server; the server then returns a response message, usually containing the resource that was requested. After delivering the response, the server closes the connection (making HTTP a stateless protocol, i.e. not maintaining any connection information between transactions).

The format of the request and response messages are similar, and English-oriented. Both kinds of messages consist of:

  • an initial line
  • zero or more header lines
  • a blank line (i.e. a CRLF by itself)
  • and an optional message body (e.g. a file, or query data, or query output).

Put another way, the format of an HTTP message is:

<initial line, different for request vs. response>

Header1: value1

Header2: value2

Header3: value3

<optional message body goes here, like file contents or query data;

it can be many lines long, or even binary data $&*%@!^$@>

See the full HTTP article at HTTP Made Really Easy

4 tips for managing cybersecurity for small business

4 tips for managing cybersecurity for small business

by | Jul 18, 2017 | Security, Tutorials

Data breaches can seriously damage a SMB, both in IT cost and loss of business. Prevent disaster by creating, updating, and refining cybersecurity policies.

The impact of a data breach on a small business can be catastrophic.

Top cybersecurity threats to small businesses (SMBs) are very similar to the risks all enterprises face. The stakes are much higher for SMBs because they often lack the resources to fight back and prevent data loss. Large firms have teams of security experts and can afford extensive audits. SMBs can be more vulnerable to security risks and struggle to quickly react to vulnerabilities.

So how can SMBs fight cybersecurity risks? Prevent IT vulnerabilities and educate employees about data security best practices.

your business is small, but risks are enterprise-size

The 2016 Ponemon Cost of Data Breach Study notes the average total cost of a data breach increased from $3.79 to $4 million since last year. Data breaches are more than stolen records, considering the cost of lost business, increased customer acquisition activities, reputation loss, and diminished goodwill. Ponemon also found that average organizational cost of data breach in the US is more than $7.01 million.

The best way for small businesses (SMBs) to deal with cybersecurity risks and data breaches is to prevent them. Of course it’s easier said than done. With limited resources, SMBs need to get creative to spot vulnerable to cybersecurity risks than large companies and struggle to quickly react to vulnerabilities. The first step is to evaluate current security policies: everything from the office wifi network password to how customer payment information is stored.

See the InformationIsBeautiful interactive to see the root causes of the most recent data breaches and their impact:

Tip 1: keep pace with both risks and compliance by self-evaluating

Frequently self-evaluating the company’s cybersecurity practices is the best way to detect and prevent cybersecurity threats. SMBs can use the NIST Cybersecurity Framework (it’s free!) as a blueprint to evaluate current security policies and remodel data protection polices to focus on preventing vulnerabilities and to set goals to improve and maintain security.

SMBs should self-evaluate cybersecurity at least once a year, with participation from all business unit leaders and all of the IT team.

Traditional standards and protections – like the Payment Card Industry (PCI) DSS , Health Insurance Portability and Accountability Act ( HIPAA ), and others – all attempt to do the same things: protect sensitive data. The NIST Cybersecurity Framework is unique because the Framework combines the best practices of other security standards to focus on outcomes, rather than avoiding liability. The Framework has huge potential value for any organization looking to establish cybersecurity standards.

Tip 2: don’t become a victim of your own success

As SMBs grow and add employees and partners, your IT systems and data security policies must also evolve. Your IT team must share access to vital business data and systems without leaving any vulnerabilities. For example, a small company can rely on a single IT person to manage access to data, a server, and the company network. As the organization grows and adds employees and technologies that “single point of failure” becomes a risk for the company.

The best way to manage data security is to build it in from the beginning. Security for data and networks should grow with the business, with precautions built into business goals. Your business should use the regular self-evaluations in Tip 1 to check up on the reality of your security policies as the business grows.

In the last two years we have seen a shift from passing compliance audits toward actionable cybersecurity policies to prevent costly data loss. SMBs can prevent costly data loss by acting now to evaluate and boost security policies, then regularly check in on policies as the company grows.

Tip 3: Involve everyone in security and prevention

SMBs should involve everyone – including IT, HR, sales, and legal teams – in the cybersecurity self-evaluation process. First, company-wide involvement encourages bigger-picture thinking. Input about how data protection can be both practical and effective. For example if a policy requires employees to change their passwords every month and use 12 non-repeating characters, employees will likely cope by writing down passwords and reusing old logins which will defeat the purpose. Likewise, the IT team should be involved if the procurement team requires new vendors to pass certain security standards.

Another perk of company-wide involvement in regular security evaluations is the opportunity to update employees about data privacy. SMBs can educate employees on how to keep both personal and corporate data private to prevent data breaches. Cybersecurity training, at least once a year, can help both the business and individuals prevent cybersecurity breaches.

Tip 4: Add security in layers – defense in depth

Traditional security policies and vendors focus too much on the exterior defenses. Policies for employee screening, physical security, and website cookie blockers are all important, but don’t overlook internal network security. In the famous Target and Sony data breaches the hackers broke in and then exploited weak internal network security to plunder the critical data that was freely connected inside the corporate network.

Add encryption and monitoring within your network to strengthen existing security.

“Defense in depth” is a term borrowed from the military where several varied layers of security offer better protection than a single, reinforced perimeter. Your data security policies shouldn’t stop with preventing bad actors from entering, but also extend inside your network to monitor and limit access between IT systems.

How can Cohesive Networks help?

At Cohesive, we’ve combined our connectivity technology with dataflow and compliance tools to create secure, redundant networks for each set of critical data. VNS3:turret is our application segmentation product designed to surround and encrypt your data wherever it goes.

Those additional layers of security builds ‘defense in depth’ into each application, or group of business data. VNS3:turret lets you encrypt and manage network traffic. Protect against both external exploits and unauthorized interior network access. VNS3:turret guards your network by routing traffic through encrypted switches.

VNS3:turret allows you to:

  • Create a cryptographically unique micro-perimeter around each application.
  • Segregate applications to eliminate east-west vulnerability and monitor interior traffic.
  • Isolate and monitor all traffic to flow through the secure edge.
  • Automate compliance reporting with dataflow and monitoring tool integration.
  • Provide the most comprehensive application security model available today.

Availability:

VNS3:turret is available for private cloud customers, as well as public cloud users. Contact Cohesive Networks to get started today: sales@www.cohesive.net