wGrow - Team Notes

Sharing Expertise: Tech Insights and Case Studies

Cloud Server Security Architecture for Medical Service Group

Overview

This document provides a detailed overview of the security architecture we implemented for a medical service group on Amazon Web Services (AWS) and Microsoft Azure. It covers various facets of cloud server security - from initial setup to continuous monitoring and improvements, showcasing our comprehensive expertise in ensuring robust and secure cloud infrastructure.

Note: Information shared here are not confidential.

Private Virtual Private Network (VPN) Setup

We configured a private VPN using OpenVPN, a renowned open-source VPN software, allowing secure and remote access to the cloud servers. This VPN provides an encrypted tunnel, securing all the data in transit from potential eavesdropping.

Private Server and Public Server Local Area Network (LAN) Setup

We segregated the servers into two types: private and public, based on the nature of the data they handled and their exposure to the internet. We used AWS VPC (Virtual Private Cloud) and Azure VNet (Virtual Network) to establish these LANs.

Firewall Configuration

We set up network firewalls using AWS Security Groups and Azure Network Security Groups, controlling inbound and outbound traffic based on predetermined security rules. Furthermore, we installed host-based firewall solutions, like iptables, on each server for an additional layer of security.

Server and Network Traffic Hardening

All servers were hardened following industry best practices, including the least privilege principle, disabling unused services, securing SSH access, etc. For network traffic hardening, we utilized AWS Shield and Azure DDoS Protection Standard, offering seamless DDoS protection and mitigation.

Penetration Testing and Vulnerability Assessment (VA)

Regular penetration tests were performed using tools like Metasploit and Nessus, identifying potential vulnerabilities in the infrastructure. Upon discovery, the issues were fixed promptly.

Anti-Virus Software Installation

We installed server-grade anti-virus software on all servers. In AWS, we used AWS Managed Antivirus based on Trend Micro's technology. For Azure, we used Azure Security Center's Antimalware solution.

Whitelist IP Setup for Server and Web Service Communications

We utilized AWS Security Groups and Azure Network Security Groups to establish a whitelist of IP addresses. This method ensures only trusted entities can communicate with our servers and web services.

Access Log Server Configuration

To permanently store all access logs, we set up a separate server with Elasticsearch, Logstash, and Kibana (ELK stack). This setup not only stores logs but also enables advanced data visualization and analysis.

Backup Server and AWS Image Snapshot Setup

We configured a separate backup server to store application and database backups. The backup process leveraged Secure File Transfer Protocol (SFTP) for data transfer, ensuring secure and reliable backups. AWS's built-in EC2 Image Snapshot feature was used for daily image backups, providing another layer of data protection.

Secondary Cloud Infrastructure in Azure

To ensure high availability and disaster recovery, we mirrored the entire infrastructure setup on Microsoft Azure. The data synchronization was done using a secure FTP connection, safeguarding the data in transit.

Handshake Protocol Configuration

We implemented custom handshake protocols using AWS Lambda and Azure Functions, checking server health and database status. These protocols are capable of detecting potential attacks within 10 seconds, providing us with rapid incident response capability.

Conclusion

The successful implementation of this comprehensive cloud server security architecture showcases our profound expertise and ability to create robust, secure, and highly available infrastructures. We stand ready to leverage our skills to address your unique security needs and challenges, ensuring your cloud journey is safe, efficient, and fruitful.

Related

Exploring Reflection in C#: Dynamically Accessing Object Properties and Database Operations

Exploring Reflection in C#: Dynamically Accessing Object Properties and Database Operations

Reflection is a powerful feature in C# that allows us to inspect and interact with the metadata of t...

Read More >
Secured 3G/4G SMS Gateway with HTTP API

Secured 3G/4G SMS Gateway with HTTP API

Constructed by our expert team in Singapore, this industrial-grade SMS Gateway boasts a minimum of 8...

Read More >
Implementing a Secure and Compliant Visitor Logging System for a Singapore Hospital using .NET, MS SQL, and Windows Server 2019

Implementing a Secure and Compliant Visitor Logging System for a Singapore Hospital using .NET, MS SQL, and Windows Server 2019

This article describes a secure and compliant visitor logging system for a Singapore hospital that e...

Read More >
Successful E-commerce Solution for Vitasg.SG: A Comprehensive Case Study

Successful E-commerce Solution for Vitasg.SG: A Comprehensive Case Study

Aright Tech Pte Ltd (subsidiary of wGrow), an experienced eCommerce service and solution provider, h...

Read More >
TECOM, Order Processing System

TECOM, Order Processing System

TECOM is our in-house ERP system for Order Process. System is great for sellers running multiple sho...

Read More >
Optimizing a Large-Scale Medical Service Provider's Patient Management System Using Cost-Effective Scalability Solutions

Optimizing a Large-Scale Medical Service Provider's Patient Management System Using Cost-Effective Scalability Solutions

This article outlines the process of improving the performance of a commercial medical service provi...

Read More >
Contact Us
  • Our Address:
    114 Lavender Street, #07-51, CT Hub 2, Singapore 338729
    Malaysia Johor - 99-01 Jalan Adda 3/1 Taman Adda Height 81100 Johor Bahru Johor, Malaysia
  • Phone Number:
    +65 6652 3398
  • WhatsApp:
    WhatsApp Us
  • Email:
    [email protected]