The perimeter-based security model is gone. Today's organizations run workloads across cloud platforms, remote endpoints, and hybrid infrastructure — and attackers have adapted accordingly. Ransomware, credential theft, and lateral movement through compromised accounts are the dominant threat patterns in 2026, and they exploit exactly the gaps that traditional firewall-and-VPN architectures leave behind.
Firewall & Perimeter Security
A well-configured firewall is still the foundation of a defensible network, but most organizations are running configurations that haven't been meaningfully reviewed in years. ECT Consulting specializes in OPNsense-based firewall deployments and migrations, providing enterprise-grade perimeter security without the enterprise licensing costs. Our firewall engagements include:
- Initial deployment and network segmentation design
- Rule set review, cleanup, and hardening for existing deployments
- High-availability failover configuration
- VPN setup for site-to-site and remote access (IPsec, WireGuard, OpenVPN)
- Ongoing management and monitoring
Intrusion Detection & Prevention
Knowing what's happening on your network in real time is no longer optional. ECT Consulting deploys and tunes Suricata IDS/IPS integrated with OPNsense, providing deep packet inspection and active threat blocking across your network traffic. We configure Suricata in inline IPS mode for active enforcement — not just passive alerting — and tune rulesets to minimize false positives without sacrificing detection.
Network Segmentation & VLAN Architecture
Flat networks are a liability. When a device is compromised on a flat network, an attacker can move laterally to every other system without restriction. Proper segmentation limits the blast radius of any breach and is a foundational requirement for Zero Trust network architecture.
ECT Consulting designs and implements segmented network environments using managed Cisco switching infrastructure (CBS250/CBS350 series), including:
- VLAN design aligned to security zones (servers, workstations, DMZ, IoT, guest)
- LACP/trunk configuration for multi-switch environments
- Inter-VLAN routing policies with firewall enforcement between zones
- DMZ architecture for publicly accessible services
Zero Trust Architecture
ECT Consulting implements Zero Trust across both network and identity layers — network segmentation, OPNsense access controls, and Entra ID Conditional Access working together rather than as separate projects. For organizations with remote or hybrid workforces, we design access architectures that eliminate broad VPN access in favor of least-privilege, application-specific connectivity.
DNS Security & Split-DNS
DNS is one of the most overlooked attack surfaces in small and mid-size environments. Malware frequently uses DNS for command-and-control communication, and misconfigured DNS infrastructure creates both security and operational problems. ECT Consulting configures Unbound DNS with local resolution, split-DNS for hybrid Active Directory and Entra ID environments, and DNS-based filtering to block known malicious domains at the resolver level — before they reach endpoints.
Network Monitoring & Visibility
LibreNMS gives you continuous visibility across your switching, routing, and server infrastructure — SNMP and agent-based, with alerting and dashboards configured so anomalies surface before they become incidents.
Security Assessments
Not sure where your gaps are? ECT Consulting offers network security assessments for organizations that want an honest outside view. We review firewall rules, network architecture, patch levels, access controls, and monitoring coverage — and deliver a specific list of what to fix and in what order.