Projects - overview
DotSec has completed a great many projects for a wide range of customers. Our volume of repeat business indicates the level of success we have achieved in reaching our goal: the provision of holistic IT security products and services. The following points outline some of our previous work. More details may be given upon application.
- DotSec has completed the design and deployment of a secure computing environment for a merchant bank. The environment includes virtualised servers and desktops, two-factor authentication for secure remote access, VLAN separation of desktop, server, guest and perimeter networks, and comprehensive intrusion-detection and alerting systems. Our customer is serious about the security of their funds-management business, and our holistic solution allows them to meet their regulatory requirements with ease.
- Secure web applications and services. DotSec has deployed, and continues to support, a secure, redundant web-service for the Qld Dept of Health's Clinician's Knowledge Network. The site includes a SAML-based authentication service, providing Web-SSO for a number of web applications. A short PDF brochure is available, and outlines the key features of the CKN design and implementation. DotSec has also provided (and continues to support) message-security services for APRA's D2A online reporting service, and has completed the design and integration of authentication providers for J2EE systems for an Australian federal government department in Canberra.
- DotSec continues work on a range of projects associated with web services and WSS. For example, DotSec has recently completed a vulnerability assessment of a major web services deployment, and has also recently presented an audit of a range of WSS implementations.
- DotSec has conducted many comprehensive Threat and Risk Assessments for customers in the banking and finance, employment, transport, education, government and legal sectors. By way of example, an assessment for a national online job agency focused on the company's head office, and also included branch offices and remote (dial-in) access, together with the company's high-volume web site. The assessment included a review of both internal systems and publicly accessible web-based services, and the design of the networks and applications that supported these services. The environment included a number of Windows domains, head office, branch office and web-hosting networks, and a number of COTS and in-house developed applications.
- Similarly, DotSec completed a Threat and Risk Assessment (TRA) for an online casino. The scope included network security configuration and policy, together with a review of the design of the online gaming applications and the appropriate, policy-based deployment of J2EE security services. DotSec provides ongoing support in the areas of secure application design and integration, threat and risk assessment, intrusion detection and vulnerability analysis. The environment includes a J2EE 3-tiered application running over WebLogic Server with an Oracle 9i DBMS, together with Linux, Solaris and Cisco platforms.
- DotSec completed the design and implementation of Single Sign-On (SSO) services supporting Windows domain-based authentication at the desktop, and extending SSO to support web-based Intranet applications. The deployment environment was based on Windows clients and servers, with IIS and Apache web servers, and Tomcat servlet engine. The initial rollout used servlet-based applications, but included options for full J2EE extensions.