Using defence-in-depth principles and a default deny stance, we design and implement everything from secure hostbased solutions to advanced network infrastructure and perimeter defenses.

design and implementation

Firewall solutions:
We offer help with designing new firewall platforms and/or reviews of existing implementations and rulebases. We have experience in most platfrom such as Firewall-1, Gauntlet, PIX/ASA/FWSM, Netscreen, Netfilter, pf, ipf, openwall and so on, our experience of deployment and design ranges from single enforcement points to multiple redundant high availability clustered solutions.

Network solutions:
We offer help with design of new infrastructural platforms and/or reviews of existing implementations and designs. In our experience the core network is the very foundation and one of the corner stones in implementing good security and parts of our defense in depth stance. Redundancy of the network infrastructure is also a common factor that we deal with.

Secure O/S:
If the base operating system installed is insecure, then any effort on securing the applications on running on the system is a waste of money and time. Our main principle when designing secure operating system platforms for our customers is simple, yet effective.

"A stable, secure platform capable of surviving uncompromised without any supporting system for at least 30 days directly connected to Internet."

Secure SMTP:
We will help you design and implement secure, robust and redundant SMTP gateway solutions for deployment in insecure areas (DMZ), using the latest techniques to limit the amount of incoming SPAM/Virus/Malware from reaching the internal systems.

Secure DNS:
We love DNS, and love helping people solving their DNS problems. The biggest concerns with DNS, is the fact that 90% of companies and organizations fail to realize that DNS is a core technology and should be treated accordingly, recent studies shows that more than 60% of registered domains have flaws in the configuration or are misconfigured.

In the past, we have helped everything from small companies to large scale ISP's, using the latest techniques to implement robust, scalable and secure DNS solutions.

Secure NTP:
In today's environment it is absolutely essential that every component in a small or large system has a unified view on the current time down to 30-40 millisecond resolution. Without it, logs may be inadmissible in court and traceability on past events might be close to impossible.

Also, It's our firm belief that companies and organizations should primarily depend on traceable time sources, either internal our external.

Logging for traceability:
Few things in computer security is more neglected than system and security logging.
Utilizing multiple log recipients in a redundant solution, can ensure an organisation with proper separation of duties in terms of log access and management and as well facilitate proper traceability for past events.

XPD is also a contributor in the open source area with one of the first generalized visualization tool for system and security logs. (project aspect, released as GPL on SF: http://aspect.sf.net in 2003)

Securing Oracle installations:
Often Oracle is carrying sensitive and vital information about an organisation, however more than 98% of all Oracle servers are installed in an insecure fashion, leading to possible information disclosure, theft or alteration. We have designed and developed together with Oracle Sweden, a secure platform for the deployment of Oracle in a Linux or a UNIX (HP-UX, Solaris) environment.

Post Mortem analysis:
If you have had a system compromised by an unauthorized 3rd party, you would most likely want to figure out how they penetrated your security, so you can redesign and implement a safer solution to prevent similar incidents in the future. As one of the companies in the nordic region doing post mortem analysis, XPD can investigate your compromised equipment to try to isolate the root causes of the security incident.