Network & Infrastructure Security

Network and Infrastructure Security

Security Architecture and design

Trustsec has a proven track record in the development of detailed and effective security architectures and (low level) designs which when implemented are intended to provide a client with a highly functional and secure IT environment. We have provided security architectures and effective security designs to many of the largest organizations in Canada. Typically, a security architecture is a higher-level view of a design or secure connectivity scenario. This may include how security controls are factored in and it typically is expansive in how the components and services interconnect.

To illustrate the differences in what constitutes architecture and what constitutes design, Items like protocol handshaking and authentication will be a part of a network security design. By contrast, the applications, tools or resources that facilitate handshaking and authentication would be included in the security architecture.

Once a design has been implemented trustsec, where applicable follows the Cyber security lifecycle in the steady state management of an IT environment. The CSL includes the following phases:

  • Identification
  • Assess
  • Protect
  • Detect/Monitor
  • Respond
  • Recover
  • Review

Network Device hardening

It starts with the basics, network device hardening is typically a best practices approach to a configuration assessment and assuring that as many attack vectors as possible are mitigated based on an analysis of the current device services and protocols in use. The network includes the management, control and data planes. each provide different functionality that needs to be protected.

Each of the logical planes incorporates various protocols and services. In order to mitigate vulnerabilities and the potential for system breach, Trustsec leverages the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, DoS and Elevation of privilege) threat modeling methodology as a key component in providing secure device operations. From an advisory perspective we will make operational recommendations and implement these changes to better secure your network and infrastructure.

Perimeter security

Where is your network edge, are you at risk of falling off a cliff? With Trustsec we’ve got your back. The network edge can be a malleable environment. With remote access connectivity, ‘foggy’ cloud environments, extranet services, etc. it can be a precarious place from a security policy and procedures perspective. Our services provide a soup to nuts approach on edge security, which includes design, test, implement and assess.

Security Solutions include:


  • Network Zoning
  • VPN Gateway
  • L7 Application security

  • Signature/profile/behavioral traffic inspection
  • Zero day malware profiling and detection
  • L7 Application security
    • Sandboxing triage

  • Trustsec has experience with architecting and implementing NLB (network-based load-balancing) solutions within large scale environments. Our resources have experience with products such as F5, Cisco and Radware

SSL/TLS decrypt
  • A more recent capability in the security administrator’s quiver of arrows is TLS decrypt. This capability allows for the decryption, traffic inspection and re-encryption of traffic in order to ensure that where applicable embedded malware can be identified and remediated.
  • The architecture around this kind of solution can involve some complexity as there are privacy issues at sake as well as the potential for traffic bypass, etc. Trustsec has expertise in this kind of a solution. We will work with client stake-holders develop the design, test and deploy the infrastructure into a Production environment.

Data Loss Prevention
  • Network DLP monitors and typically controls the outbound flow of sensitive data (inbound DLP may be warranted in certain environments). This can include network, email or web traffic. With the right solution in place this countermeasure the time to production can be quickly engaged.

Trustsec works with vendor partners to provide a rigorous DLP solution which inspects appropriate traffic and then provides policy-based enforcement to prevent against unauthorized data exfiltration. Solution policy actions can include permit, announce, block, encrypt and quarantine