IT Security
Security is not an afterthought, but an integral part of every architecture.
I plan and operate systems that are hardened, authenticated, and monitored from the ground up.
I combine technical measures, automated testing processes, and clear access concepts to minimize vulnerabilities and make risks transparent.
Open-source tools play a central role in this—because they are traceable, auditable, and adaptable to individual requirements.
The goal is a consistently secure infrastructure that combines data protection, traceability, and operational stability.

Authentication & Access Control

Uniform, centralized user and rights management is the basis for secure systems. I rely on open, standards-based components such as LDAP (directory), Kerberos (authentication) and SSSD (the client-side daemon that binds Linux hosts to both) to consistently integrate users, services, and applications. This creates a clear identity and authorization concept across system and network boundaries.
- Central authentication with LDAP/Kerberos
- Integration of Linux servers into Samba AD domains
- SSSD, PAM, Winbind for system-wide logins
- Access control for web applications via mod_authnz_ldap and mod_auth_kerb (or its maintained successor, mod_auth_gssapi)
- Multi-factor or key-based authentication for critical systems
Firewall & Network Protection

Security zones, protocol hardening, and encryption form the protective layer between services and the outside world.
I implement OPNsense as the central firewall and VPN platform and supplement it with IDS/IPS (Suricata) and block-list mechanisms such as geo-blocking and alias-based address lists.
- Segmentation via VLAN, DMZ, management networks
- Firewall rule sets, geo-blocking, IDS/IPS integration
- VPN connection with WireGuard or IPsec
- Certificate and key management (TLS, SSH)
- Automated rule maintenance with Ansible
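Segmentation only holds if every rule that gets pushed is checked against the zone policy first. The following is an added example (not OPNsense's data model and not part of this page's own tooling) of a small policy test that can run in CI ahead of an Ansible deploy. The zone names, the rule tuples and the forbidden east-west flows are constructed assumptions; evaluation is first-match-wins with a trailing default block, which is how a pf-style rule set behaves.

```python
"""Policy test for a segmented firewall rule set.

Added example with an assumed rule model: (action, src_zone, dst_zone, proto, dport).
The rules and zones below are constructed for illustration.
"""

# Constructed rule set; "any" is a wildcard in every position.
RULES = [
    ("pass",  "VPN", "MGMT", "tcp", 22),     # admins reach management via the VPN only
    ("block", "DMZ", "MGMT", "any", "any"),  # explicit guard placed ahead of the broad rule
    ("pass",  "DMZ", "any",  "tcp", 22),     # too broad: "any" also covers LAN
    ("pass",  "WAN", "DMZ",  "tcp", 443),
    ("block", "any", "any",  "any", "any"),  # default deny
]

# Flows the segmentation policy must never allow (assumed policy).
FORBIDDEN = [("DMZ", "MGMT"), ("DMZ", "LAN"), ("WAN", "LAN"), ("WAN", "MGMT")]


def _matches(field, value):
    return field == "any" or field == value


def evaluate(rules, src, dst, proto, dport):
    """Return the action of the first matching rule, or 'block' if nothing matches."""
    for action, rsrc, rdst, rproto, rport in rules:
        if (_matches(rsrc, src) and _matches(rdst, dst)
                and _matches(rproto, proto) and _matches(rport, dport)):
            return action
    return "block"


def find_violations(rules, forbidden=FORBIDDEN):
    """Probe every forbidden zone pair with each (proto, port) some pass rule could
    admit; any probe that evaluates to 'pass' is a violation of the zone policy."""
    probes = {(proto, dport) for action, _, _, proto, dport in rules if action == "pass"}
    violations = []
    for src, dst in forbidden:
        for proto, dport in sorted(probes, key=str):
            if evaluate(rules, src, dst, proto, dport) == "pass":
                violations.append((src, dst, proto, dport))
    return sorted(violations, key=str)


if __name__ == "__main__":
    for src, dst, proto, dport in find_violations(RULES):
        print(f"VIOLATION: {src} -> {dst} {proto}/{dport} is allowed by the rule set")
```

Run as written, the check flags the DMZ to LAN flow on tcp/22 opened by the overly broad third rule, while DMZ to MGMT stays clean because the explicit block precedes it. Ordering matters, which is why the test evaluates the rule set rather than inspecting rules one by one.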
Monitoring & Auditing

Security requires continuous monitoring and evaluation.
I combine classic infrastructure monitoring with security and compliance analyses.
This allows anomalies, resource bottlenecks, and security breaches to be detected at an early stage.
- Prometheus, Grafana, Alertmanager
- OpenSCAP for compliance checks and security audits
- ClamAV, Rspamd, Fail2ban for system and mail security
- Log correlation and alerting via Loki and Syslog pipelines
- Security dashboards and automated reports
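What log correlation means in practice, as an added example that is not part of this page's own tooling: a sliding-window count of failed SSH logins per source address over syslog lines, which is essentially the decision Fail2ban's sshd filter makes before it bans an address. The log lines are constructed for the example, and the year is an assumption because the classic syslog format does not carry one.

```python
"""Correlate failed SSH logins per source IP in a sliding time window.

Added example; the log lines below are constructed, not captured traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd syslog lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:00:04 web01 sshd[2105]: Accepted publickey for deploy from 198.51.100.12 port 40022 ssh2: ED25519 SHA256:abc
Mar  3 10:00:06 web01 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Mar  3 10:00:09 web01 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 51260 ssh2
Mar  3 10:00:11 web01 sshd[2111]: Failed password for invalid user pi from 203.0.113.7 port 51266 ssh2
Mar  3 10:01:30 web01 sshd[2120]: Failed password for alice from 198.51.100.12 port 40030 ssh2
Mar  3 10:20:00 web01 sshd[2150]: Failed password for alice from 198.51.100.12 port 40031 ssh2
"""

YEAR = 2024  # assumption: classic syslog timestamps carry no year

LINE_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$"
)
FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_line(line):
    """Return (timestamp, ip, user) for a failed-login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = FAIL_RE.match(m.group("msg"))
    if not f:
        return None
    ts = datetime.strptime(
        f"{YEAR} {m.group('month')} {m.group('day')} {m.group('time')}", "%Y %b %d %H:%M:%S"
    )
    return ts, f.group("ip"), f.group("user")


def detect_bruteforce(lines, max_failures=5, window_seconds=600):
    """Per-IP sliding window; returns {ip: time of first alert} for sources that
    accumulate max_failures failed logins within window_seconds."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _user = parsed
        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop failures that fell out of the window
        if len(window) >= max_failures and ip not in alerts:
            alerts[ip] = ts
    return alerts


if __name__ == "__main__":
    for ip, ts in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ts.isoformat()} brute force from {ip}")
```

On the sample, 203.0.113.7 trips the threshold at 10:00:11, while 198.51.100.12 (two failures 18 minutes apart, plus a successful key login) does not. The same loop, fed from a Loki query or a syslog pipeline, is the logic behind a "repeated authentication failure" alert rule.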
Frequently asked questions about IT Security
In this FAQ, you will find the topics that come up most frequently in consultations and training sessions. Each answer is kept brief and refers to further content where necessary. Can't find your question? I am happy to help you personally. Feel free to contact me.

Why is open source useful in IT security?
Open source tools are transparent, auditable, and configurable in a traceable manner. Security rules, logs, and verification mechanisms can be checked, versioned, and integrated into existing operating and compliance processes.
LDAP/Kerberos + SSSD: How can access truly be standardized?
SSSD connects Linux servers to LDAP/Kerberos and provides credential caching for offline logins as well as centralized policy (sudoers rules and access control stored in the directory, enforced through PAM). Supplemented with SSH certificates issued by an SSH CA with short validity periods, and with MFA, you get short-lived, traceable access instead of local accounts and long-lived authorized_keys entries.
Firewall vs. zero trust: Is a “thick” perimeter firewall sufficient?
No. Segmentation (VLAN/DMZ/Mgmt), strict east-west rules, and identity-based access (VPN + MFA + RBAC) are mandatory. OPNsense + IDS/IPS (Suricata) protects the perimeter, while policies and short certificate/key lifetimes secure the interior.
How do I make security verifiable (audits/compliance)?
A baseline according to CIS benchmarks, checked and enforced with OpenSCAP, complete logs (journald/syslog forwarded to a central store), integrity-protected reports, and clear retention periods. Automated checks in CI, defined runbooks, and regular restore and incident drills provide reliable evidence.
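As an added illustration of a baseline check that produces verifiable evidence (this is not OpenSCAP and not the page's own tooling): a few sshd_config directives are compared against expected values and the findings are wrapped in a report whose body is protected by an HMAC, standing in for a proper signature. The sshd_config text is constructed, the baseline values are assumptions in the spirit of common hardening guides, and the key is a placeholder. The parser respects a detail that matters for such checks: in sshd_config the first occurrence of a directive wins, so a later "PasswordAuthentication no" does not fix an earlier "yes".

```python
"""Baseline check of sshd_config with an integrity-protected report.

Added example; config text, baseline values and key are constructed/assumed.
"""
import hashlib
import hmac
import json

# Constructed sshd_config. Note the duplicated directive: sshd uses the FIRST value.
SAMPLE_SSHD_CONFIG = """\
# constructed example configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 6
Match User backup
    PasswordAuthentication yes
"""

# Assumed baseline: directive -> expected value (global section only).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

REPORT_KEY = b"placeholder-report-key"  # placeholder; use a managed secret in practice


def parse_sshd_config(text):
    """Global directives only: first occurrence wins, keywords are case-insensitive,
    and parsing stops at the first Match block (its lines are conditional)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip())
    return settings


def evaluate(settings, baseline=BASELINE):
    """One finding per baseline directive; a missing directive is a failure."""
    findings = []
    for directive, expected in baseline.items():
        actual = settings.get(directive.lower())
        ok = actual is not None and actual.lower() == expected.lower()
        findings.append({"directive": directive, "expected": expected,
                         "actual": actual, "status": "pass" if ok else "fail"})
    return findings


def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_report(findings, key=REPORT_KEY, host="web01"):
    """Report body plus a SHA-256 digest and an HMAC over its canonical JSON form."""
    body = {"host": host, "results": findings,
            "passed": sum(f["status"] == "pass" for f in findings),
            "failed": sum(f["status"] == "fail" for f in findings)}
    data = _canonical(body)
    return {"report": body,
            "sha256": hashlib.sha256(data).hexdigest(),
            "hmac_sha256": hmac.new(key, data, hashlib.sha256).hexdigest()}


def verify_report(report, key=REPORT_KEY):
    """True only if the body still matches the HMAC that was attached to it."""
    expected = hmac.new(key, _canonical(report["report"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report["hmac_sha256"])


if __name__ == "__main__":
    report = build_report(evaluate(parse_sshd_config(SAMPLE_SSHD_CONFIG)))
    print(json.dumps(report, indent=2))
```

On the sample, three of four checks fail: root login is permitted, password authentication is still on because the first occurrence is "yes", and MaxAuthTries is above the baseline. Only X11Forwarding passes. Tampering with the stored report body after the fact makes verify_report return False, which is the property an auditor needs from archived evidence.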
