Complete revamp of all IT systems following a security breach. Implemented new:
- IdM and policy management using FreeIPA
- LDAP authentication for all internal systems
- Keycloak SSO
- Kong API gateway
- CA: SSL/TLS certificate management
- DNS using PowerDNS and DNSdist (authoritative & recursive with RPZ filtering)
  - Internal RPZ feed server
- VoIP ENUM service
- NTP
- Managed database clusters (Galera/MySQL, PostgreSQL & MongoDB)
- Internal smarthost-based email forwarding
- ELK stack
  - Implemented Logstash and Auditbeat data collection
- TIG stack
  - Created dashboards for various systems and services (vSphere, PowerDNS, FreeRADIUS, pfSense, etc.)
- DevOps:
  - The Foreman/Katello
    - Local DEB & YUM repositories
    - Linked to VMware, DHCP, NetBox, etc.
  - Ansible
    - The Foreman/Katello
  - *nix servers for in-house code
  - HAProxy load balancing
  - Nginx reverse proxies and URL filtering & routing
- Security policy as interim CISO
  - Created baseline firewall policies and configuration from scratch.
  - Remote access policies and infrastructure.
Revamp of the RADIUS platform for xDSL users.
Since I took the contract, all pen tests have shown that the new systems are secure, which has been a significant improvement on the initial post-compromise pen test.