// service line · Active

RedCyfer Systems

Network security, firewall design, and infrastructure consulting for businesses that have outgrown a consumer router but don't have — or want — an in-house network team. The routers, the rules, and the reasoning behind them.

> What this covers

Firewalls & network security

Purpose-built firewall rule chains — input, forward, and output — with connection tracking, sane NAT, and mangle rules where they earn their keep. Not a box of defaults; a policy you can read and I can explain.

VLAN & segmentation design

Separate networks for work traffic, guest, IoT, and management, so a compromised smart plug can't see your accounting machine. Segmentation planned around how your business actually operates.

Site-to-site & remote-access VPN

WireGuard, IPsec, OpenVPN, or SSTP to link offices, reach cloud resources, or get staff in securely — routed properly, not bolted on.

Routing for multi-site growth

BGP and OSPF when you outgrow static routes — multiple locations, cloud VPCs, and failover paths that hold together as you add sites.

Hybrid cloud & on-prem

Connecting AWS to the gear in your closet — the kind of hybrid environment I run day in, day out. VPN concentration, routing, and the security boundary between them.

Automation & monitoring

RouterOS scripting for automated responses, plus SNMP/API integration so the network can feed dashboards and trigger actions instead of sitting dark.

> Self-hosted observability

SaaS monitoring — Datadog and the rest — works, until you're paying a growing monthly bill to ship all your operational telemetry to someone else's cloud. I build private, self-hosted observability platforms that keep your metrics, logs, and traces on infrastructure you own.

Built on proven open components — time-series and columnar databases (TimescaleDB, ClickHouse), OpenTelemetry, and a dependency-light self-hosted dashboard. Your data stays home; the bill stops growing.

> Resilient storage & backup

Storage always grows faster than planned, and backups quietly rot until the day you need one. I build storage that scales without forklift upgrades and backups that actually restore.

3-2-1 done properly, on infrastructure you own.

> Why MikroTik first

MikroTik / RouterOS is my default recommendation for SMB firewall and routing: the price-to-capability ratio is hard to beat, and you get full CLI and scripting control instead of a locked-down appliance. It runs the same rule chains, VPNs, and routing protocols the big vendors charge a premium for.

That said — vendor choice follows your needs, not my preference. I also work with pfSense/OPNsense, Ubiquiti, Fortinet, Palo Alto, Cisco, and WatchGuard, and if you've already standardized on one of those, I'll work within it and tell you honestly where it helps or hurts. The goal is a network that's secure, documented, and something you can actually reason about — regardless of the badge on the box.

Network that needs designing, hardening, or untangling?
