Who we are

Webtrend is a swiss-based company focusing on creating internet distribution services with the highest possible security standard, while using open-source software and no licenses involved.

Webtrend is a swiss-based company focusing on creating internet distribution services with the highest possible security standard, while using open-source software and no licenses involved.

Our services

Servers

Email server

Setup

Postfix as (MTA) and Dovecot as IMAP4 server (No POP3 support)on Linux Operating Systems (Ubuntu/Debian).

Performance

~300 simultanous SMTP connections, ~50’000 emails processed per day.

SMTP is a very lightweight protocol and thus the hardware requirement are very low. Security features (STARTTLS and MTA-STS) will need a little bit more CPU cycles.

Security

Web server

Setup

Apache2 on Linux Operating Systems (Ubuntu/Debian). (NginX only for existing setups, also limited support)

Optimization

Multiprocessing Module (MPM): Event, Prefork, Worker

Performance

~500-1200 HTTP(S) request per second
With no load-balancer / reverse proxy infrastructure in place, our servers (depending on used hardware) can approx. handle 500-1200 request per seconds. This number is relative as many webapplications are unique. We always recommend a reverse proxy in place, to offload many security related features, which saves a lot of CPU cycles.

HTTP/1.1 and HTTP/2

HTTP/2 offers latency reduction and generally improves performance for webservers. We always, if possible use HTTP/2 for our webservers  unless the webapplication is not thread safe (It requires the mpm_worker module). As a fallback solution HTTP/1.1 is used

HTTPS support

Should not even be mentioned anymore at this time. The only difference we have, is that we prevent downgrade attacks and other vulnerability involved TLS connections. We only use certificates issued by Let’s Encrypt which come with zero cost for the client and offer the same security.

HTTP  Security Headers

Greatly improve the security of your webapplication and allow the webserver to communicate with your clients in a secure and manner and also depending on the header; increase privacy. We put a lot of emphasis on these security headers but very complex web application may not be able to make use of few.

  • HTTP-Strict-Transport-Security (HSTS)
  • Content-Security-Policy (CSP)
  • X-Frame-Options
  • X-Content-Type-Options
  • Permissions-Policy
  • Referrer-Policy
Apache2 Modules:

Experienced with the use of most modules, such as for example mod_rewrite (instantly rewrite URL’s based on the client request) and many others.

Only theoritcal knowledge: HTTP/3
Limited support with nginX

Proxies

SMTP Proxy

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Reverse proxy

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Forward Proxy

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

TLS Bump Proxy

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Other

Virtual Private Network

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Certificate Authority (CA)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Centralized Logging

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Intrusion Prevention/Detection System (IPS/IDS)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Networking

Routing

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Switching

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Centralized Logging

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.

Intrusion Prevention/Detection System (IPS/IDS)

Lorem ipsum dolor sit amet, consectetur adipiscing elit. In eget bibendum libero. Etiam id velit at enim porttitor facilisis. Vivamus tincidunt lectus at risus pharetra ultrices. In tincidunt turpis at odio dapibus maximus.