Admin panel

Security services at Dataspace

Essential security for Your services

In Dataspace's backbone infrastructure, we stick to the use of the “defense in depth” approach. This means that we have several defense mechanisms that effectively reduce, or completely mitigate, attacks that target our or our customers' infrastructure.

The mechanisms we use function on several levels. These include:

Anti-DDoS Protection

Tier 1 (operator) level anti-DDoS protection - serves as the first layer of protection and helps secure the infrastructure against large volumetric attacks.

Anti-DDoS protection at the Dataspace infrastructure level - functionality implemented on a dedicated platform designed to act as a suplement to operator-side Anti-DoS protection.

It includes, among others:
-DoS policies that block a number of common attacks (including flooding with TCP/UDP/ICMP packets, scanning TCP/UDP ports, creating excessive numbers of simultaneous connections

-DNS filters, which have the following functions:
filtering requests based on reputation and domain categories
blocking requests to domains associated with botnets
protection against inappropriate results returned by search engines,
ability to define lists of dangerous domains and IP addresses that you want to block

BGP Flowspec

Enables very precise creation of security policies to mitigate attacks. Mechanism used most often during targeted or complex attacks.

BGP Blackholing

It offers the possibility to completely block network traffic within the attacked prefix. Due to the characteristics of its operation and level of invasiveness, this mechanism is used only as a last resort to protect Dataspace infrastructure and clients.

QoS Mechanisms

They prioritize the control traffic necessary for the network to function properly. This ensures that, even in the event of an attack, there is no saturation of bandwidth on the links.

bg-gradients

Security of the IT environments

Anti-DDoS Protection

In addition to basic Anti-DDoS protection, it is possible to implement an additional layer of protection executed on a dedicated solution located inside the Dataspace infrastructure. This service allows precise definition of thresholds within specific protocols, above which network traffic is blocked. The platform actively analyzes incoming packets, and when an attack is detected, it automatically implements rules placing the attacker's source addresses in quarantine. With this solution, the end customer reduces the risk of an impact on its business during a potential attack.

IDS/IPS service is a security component that incorporates two main functionalities:
  • IDS (Intrusion Detection System) - a system for monitoring network traffic to detect potential threats and suspicious activity within the network.
  • IPS (Intrusion Prevention System) - a system for monitoring and actively blocking network traffic that has been classified as a potential threat.


The manufacturer of the above solution provides a database of signatures classified as a threat. The signature database is updated at 24-hour intervals. Based on the provided signatures, the system takes appropriate steps to mitigate the attack when it is detected.
The service also includes protection against attacks from botnets (groups of infected computers under the control of attackers).

bg-gradients

Firewall solutions

Firewall Premium

Firewall Premium is a service designed for those who want to apply very precise rules for both incoming and outgoing traffic within their environment, without subjecting the production system to increased load. As part of the service, the customer gets the ability to define the above rules directly on a dedicated Next Generation Firewall device.

Geo Firewall

Geo Firewall is a service that allows network traffic to be filtered based on the geographic location from which a connection is attempted. This functionality is particularly useful when the client's business is geared towards a particular country's market, as it allows to significantly reduce the traffic reaching the application, thus freeing up resources for the use of the target client. The service also works well as a protection against massive bot attacks.
The geographic location database is automatically updated at regular intervals.

bg-gradients

Secure remote work

Build your business strategy on a solid foundation of reliability. Our datacenter offers uninterrupted availability and data protection so you can be sure your business runs smoothly.

IPSEC

An IPSec tunnel is a service that allows you to set up a direct, encrypted connection, for example, between your office and an environment running on Dataspace. It uses advanced encryption algorithms, cryptographic keys, authentication and mechanisms to ensure the integrity of the transmitted data. Once deployed, the service removes the necessity to do anything extra to securely use company resources up to several hundred kilometers away. The requirement for implementing the service is to have a device that supports the specified technology.

SSL VPN

SSL-VPN is a service that allows to set up a secure, encrypted connection between a client and their server. The configuration used allows access directly to the client's private network from anywhere in the world - the only requirement is Internet access. The encryption algorithms used protect the end user against interception or modification of transmitted information.

bg-gradients-alt

Secure and efficient network

DSS DNS Guard

DSS DNS Guard is a service designed to protect against attacks using DNS, such as DNS amplification and cache poisoning. It also optimizes network performance. DNS Guard works by analyzing DNS traffic passing through the Fortigate appliance. Among other things, it uses signature analysis and heuristics to identify and block suspicious activity.

Key features of the DNS Guard service:

1. Protection against DNS Amplification attacks:

DSS DNS Guard can detect and block unnaturally large DNS responses that may indicate an attempt to launch a DNS amplification attack.

2. DNS traffic filtering:

This service monitors DNS traffic and blocks suspicious queries or responses that may indicate an attack or unwanted activity.

3. Prevention of cache poisoning:

DNS Guard protects against cache poisoning attacks that can redirect web traffic to malicious websites.

4. Bandwidth limitation for DNS queries:

This service allows you to control the number of DNS queries, which can prevent overloading DNS servers and improve overall network performance.

5. DNS traffic monitoring and logging:

DSS DNS Guard provides tools for monitoring and logging DNS traffic to better analyze and understand potential threats and activities on the network.

bg-gradients-alt

DSS SD-WAN

DSS SD-WAN is a comprehensive solution that combines advanced network functionality with security-enhancing mechanisms responsible for dynamic and intelligent network traffic management. It enables enterprises to efficiently and securely manage infrastructure in distributed network environments. SD-WAN integrates advanced security and management functions, allowing data to be transferred efficiently and securely between different enterprise locations.

Key Features of SD-WAN:

1. Dynamic Routing:

SD-WAN dynamically selects the best paths for network traffic based on multiple parameters such as bandwidth, delay, jitter and packet loss.
Automatic load balancing between different WAN connections, which optimizes the use of available bandwidth.

2. Integrated Security:

Fortigate SD-WAN integrates full firewall functionality to protect against threats at the application and network level.

Supports advanced VPN protocols (IPsec and SSL) to ensure secure connections between locations.

3. Monitoring and Analysis

The SD-WAN service generates detailed reports on bandwidth usage, application performance and security.

bg-gradients-alt

Would you like to make your office extra secure with Dataspace? - Take full advantage of our IT Outsourcing service

An excellent addition to our security services is our IT Outsourcing service. By having our specialist on-site, you will not only have assistance with the day-to-day issues of your employees, but also ongoing advice on possible security vulnerabilities. The expert will be able to identify and correct items in need of improvement on an ongoing basis.
We encourage you to learn more about IT Outsourcing services, as it is a surefire natural choice for companies that boast security as one of the pillars of their operation.



Learn more

bg-gradients
Contact us

How can we safeguard your environment?