IT security & firewalls with a zero-trust approach
We are moving from a “perimeter firewall” to a modern security architecture: zone segmentation, zero-trust access, clear L7 policies and secure VPNs. Fewer open windows, fewer surprises.
What type of organizations is this service for?
IT security becomes critical when the network no longer means "an office with a few PCs": you have multiple locations, applications exposed on the Internet, remote access, partners and sensitive data.
- Companies with multiple locations, site-to-site VPNs and remote access.
- Organizations that process sensitive data (customers, patients, legal files, transactions).
- Mixed infrastructure: on-prem, cloud, externally accessed applications.
- IT teams that have "inherited" a firewall with old, hard-to-understand rules.
6-step methodology for security & zero-trust
1. Evaluation & health check: We inventory the existing firewalls, zones, VPNs and rules. We identify "any/any" rules, unnecessary open ports and Internet exposure.
2. Architectural design & segmentation: We define zones (users, servers, DMZ, IoT, guest) and the allowed and prohibited flows between them. We prepare a reference design with diagrams and example policies.
3. L7 policies & zero-trust access: We build policies on applications and roles, with TLS inspection where it makes sense, identity control (SSO/MFA) and per-user/group restrictions.
4. VPN & secure remote access: We configure site-to-site and remote VPNs (e.g. AnyConnect/GlobalProtect) with certificates, MFA and controlled split-tunneling. We test failover and incident scenarios.
5. Logging, alerts & monitoring integration: We centralize logs, define key alerts (scans, brute-force, VPN down) and integrate with the monitoring system for complete visibility.
6. Runbooks & periodic reviews: We document procedures for frequent incidents and establish a review rhythm (quarterly/semiannual) for policies, certificates, VPNs and access.
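As an added illustration of what steps 1 and 2 look like in practice (this is example code, not code from the original page or from the service provider), the Python script below audits a constructed firewall rule set: it flags "any/any" allow rules, broad or high-risk Internet exposure, and allow rules that contradict a zone segmentation matrix, and it checks that the policy ends with an explicit deny-by-default rule. The rule format, zone names, the prohibited-flow matrix and the high-risk service list are assumptions made for the example, not any vendor's export format.

```python
"""Firewall rule health check (constructed example).

Assumptions: rules are modelled as simple records with zones, address
objects and a "proto/port" service; zone names and the prohibited-flow
matrix below are illustrative, not a vendor's or customer's real policy.
"""
from dataclasses import dataclass
from typing import List, Tuple

ANY = "any"

# Services that should not be published directly to the Internet (assumed list).
HIGH_RISK_SERVICES = {"tcp/23", "tcp/445", "tcp/3389", "tcp/1433", "tcp/3306"}

# Flows the reference design prohibits outright, as (src_zone, dst_zone).
# Example: the Internet must reach servers only through the DMZ, never directly.
PROHIBITED_FLOWS = {
    ("guest", "servers"), ("guest", "users"),
    ("iot", "internet"), ("iot", "users"),
    ("dmz", "users"), ("internet", "servers"),
}


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src: str       # address object, CIDR, or "any"
    dst: str
    service: str   # "tcp/443", "tcp/22", ... or "any"
    action: str    # "allow" or "deny"


Finding = Tuple[str, str, str]  # (severity, rule name, message)


def is_any_any(rule: Rule) -> bool:
    """True when source, destination and service are all 'any'."""
    return rule.src == ANY and rule.dst == ANY and rule.service == ANY


def audit_rules(rules: List[Rule]) -> List[Finding]:
    """Return findings for a rule base, in rule order, plus a policy-level check."""
    findings: List[Finding] = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules cannot widen exposure
        if is_any_any(r):
            findings.append(("high", r.name, "any/any allow: replace with explicit application rules"))
        elif r.service == ANY:
            findings.append(("medium", r.name, "service 'any': restrict to the ports the application needs"))
        if r.src_zone == "internet":
            if r.dst == ANY or r.service == ANY:
                findings.append(("high", r.name, "broad Internet exposure (destination or service is 'any')"))
            elif r.service in HIGH_RISK_SERVICES:
                findings.append(("high", r.name,
                                 f"{r.service} exposed to the Internet; publish via VPN or reverse proxy instead"))
        if (r.src_zone, r.dst_zone) in PROHIBITED_FLOWS:
            findings.append(("high", r.name, f"allows prohibited flow {r.src_zone} -> {r.dst_zone}"))

    # Deny-by-default: the last rule must be an explicit deny of everything.
    last = rules[-1] if rules else None
    if last is None or not (last.action == "deny" and last.src_zone == ANY
                            and last.dst_zone == ANY and is_any_any(last)):
        findings.append(("medium", "(policy)", "no explicit deny-by-default rule at the end of the policy"))
    return findings


# Constructed sample rule base, typical of an "inherited" firewall.
SAMPLE_RULES = [
    Rule("web-in", "internet", "dmz", ANY, "web-proxy", "tcp/443", "allow"),       # fine
    Rule("rdp-in", "internet", "servers", ANY, "file-srv", "tcp/3389", "allow"),   # RDP from the Internet
    Rule("legacy-allow", "users", "servers", ANY, ANY, ANY, "allow"),              # any/any
    Rule("guest-printers", "guest", "servers", "guest-net", "print-srv", "tcp/9100", "allow"),
    Rule("cams-out", "iot", "internet", "cam-net", ANY, "tcp/443", "allow"),       # cameras to Internet
    Rule("users-web", "users", "internet", "users-net", ANY, "tcp/443", "allow"),  # fine
    Rule("cleanup", ANY, ANY, ANY, ANY, ANY, "deny"),                              # deny by default
]

if __name__ == "__main__":
    for severity, name, message in audit_rules(SAMPLE_RULES):
        print(f"[{severity}] {name}: {message}")
```

Run against the sample set, the script reports five high-severity findings (the RDP rule twice: high-risk service and a prohibited Internet-to-servers flow, plus the any/any rule, the guest-to-servers rule and the IoT-to-Internet rule) and no policy-level finding, because the last rule is an explicit deny. Drop the final "cleanup" rule and the deny-by-default check fires.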
Recommended stack & security zones
We don't push a single vendor; we adapt the design to what you already have or what makes sense as an investment: Palo Alto, Cisco, Fortinet, plus integration with AD/IdP and existing systems.
| Area | What we protect | Technologies & practices |
|---|---|---|
| Perimeter & Internet | Inbound/outbound traffic, public services (website, VPN, API) | NGFW firewall, L7 policies, IPS/IDS, selective TLS inspection, geo-IP, rate limiting. |
| Users & endpoints | Internal/remote user access to applications and data | Zero-trust access, AD/IdP integration, MFA, role/group policies, application control. |
| Servers & DC/Cloud | Critical applications, databases, internal services | Dedicated segments, “deny by default” policies, strict ACLs, micro-segmentation when necessary. |
| DMZ & exposed services | External portals, APIs, reverse proxies, email gateways | Separate DMZ, WAF, IPS/IDS, detailed logging, extremely restrictive access rules. |
| IoT & special equipment | Video cameras, industrial equipment, POS, other devices | Isolated segments, access only to necessary servers, anomaly monitoring, without direct access to the Internet. |
| VPN & partners | Connections with suppliers, bank, payment processors | Site-to-site VPN, subnet filtering, dedicated logging, strict resource access rules. |
Example of vendors: Palo Alto Networks, Cisco Secure Firewall, Fortinet, plus integration with Active Directory / Azure AD / IdP and existing monitoring platforms.
What we deliver at the end of the project
- Documented security architecture (diagrams + description of areas & flows).
- Firewalls configured with clear L7 policies and zone segmentation.
- Site-to-site & remote VPN with strong authentication (MFA/certificates).
- Integration with the centralized monitoring and logging system.
- Incident runbooks and medium-term hardening recommendations.
Optionally, we can also run periodic health checks (quarterly/semi-annually) to review rules, remote access, unused users, certificates and Internet exposure.
IT security is the central pillar of NIS2 compliance
The NIS2 Directive requires clear measures for risk management, access control, and perimeter and internal protection. Modern firewalls, network segmentation and Zero Trust principles are no longer optional; they are baseline requirements for audits and for reducing the impact of a security incident.
We have summarized the NIS2 requirements, and how they translate into real security architectures, in a dedicated guide.
Do you want to know exactly what is exposed and what needs to be closed?
Send a brief inventory (number of locations, firewalls, exposed applications) and we will propose a phased plan: assessment, design, implementation and runbooks, with minimal impact on production.
