|
| Security Audits |
|
| "Whether a single computer or a corporate network, protecting your network against attacks from malicious intruders is as critical as opening the doors of business in the morning." |
|
| OVERVIEW |
|
| Our Security Audit service provides you with a complete solution that is based on our methodology; Assess, Design, Implement and Operate. |
|
| Many organizations do not know the current state of the security of their networks. In today's complex, multi-protocol, multi-vendor networks, the task of base lining or taking a comprehensive snapshot of a network's security is daunting. As the risk and threat from unauthorized access and destruction of valuable network assets increase, the need for an understanding of an organization's security posture is becoming critical to mitigate lost productivity and information. |
|
| Our Security Services 'Security Audit Service' takes a comprehensive look at your network's security posture and offers recommendations for remediation of security shortfalls discovered. We can help you get your arms around securing your network and identifying and understanding your network security risks. |
|
|
- Key areas of the audit are:
|
|
- External Network Audit : Taking an outsider's view of the network and seeing what is in place, and how it is configured, including quarterly network scans to identify potential vulnerabilities.
- Internal Network Review : Assessing the critical aspects of how security is implemented and enforced by your internal computing systems.
- Policy & Procedure Review : Security policies and procedures are the foundation of a secure network. Content, communication and enforcement are key to maintaining a security program.
- Analysis & Reporting : The audit report is a collective summary of how the network is currently operating, and what risk, and where improvements need to be made.
|
|
|
|
| SECURITY AUDIT PROFILE |
|
 Phase 1 - Planning |
|
| The planning phase consists of mostly gathering basic information about the environment, as well as establishing boundaries and limits for the system analysis and test activities. The information provided for the planning phase is gathered using a structured site survey document completed by the customer. |
|
| Phase 2 - Testing |
|
| The testing phase is the time during which the actual audit is performed, in depth. The scope of the testing varies depending on the engagement, but is established during the planning phase. The possible areas of review include: |
|
|
- External Network Review - Taking an outsider's view of the network and seeing what is in place, and how it is configured. Aspects covered during an external review are:
|
|
- Firewalls & Routers
- Perimeter devices
- VPN connections
- Web and FTP servers
- E-mail servers
- Remote access methods
|
|
|
|
|
- Internal Network Review - An often overlooked and very critical aspect of network security. Areas of the internal review include:
|
|
- Users accounts & password policies and practices
- Access privileges and levels
- File, directory, event log and registry permissions
- Audit logs
- Software Patch management
- Physical network cabling
- Backup methodology & disaster recovery plans
|
|
|
|
|
- Policy Review - Security policies are the foundation of a secure corporate network. They must exist, be enforced, and be kept up to date. To help ensure this, the security audit covers:
|
|
- Business drivers of the security policy
- Information security roles and responsibilities
- Physical security
- Authentication and network security
- Internet and e-mail security policies
- Intrusion detection and virus scanning
- Encryption policy
- Policy content and enforcement
- Use of resources
- Incident reporting and response
- Disaster recovery plan
|
|
|
|
| Phase 3 - Analysis & Reporting |
|
| The audit report is a collective summary of how the computer systems and network are currently operating, identifying potential security risks, and recommending changes and improvements. The detailed security audit report provides actionable direction for mitigating information security risks and achieving compliance with applicable regulations and industry best practices. |
|
|
|
|
| Our Security Services in providing cost effective and practical security solutions will provide you with the following benefits: |
|
- Exact identification of exploitable configuration weaknesses are provided to clients.
- Segregate security risks on the basis of their potential impact and frequency of occurrence which helps in prioritizing safety measures.
- Recommendations for eradication of exploitable weaknesses simplify the task of security administrators.
- Review implementation of company information security policies and identify variance in current organizational policies and industry known best practices.
- Comparative reports for multiple assessments help management to trace the level of improvement in their response and vulnerability update mechanism.
- It provides detailed instructions regarding methods to prevent events that threaten business continuity and increase uptime.
- Detailed and flexible reports allow an organization to inspect, compare and contrast policy compliance issues.
- Customized reports according to the needs and requirement of different audiences including IT staff, Executive Management and Auditors facilitate high pace decision process.
- Stop network attacks before they start by identifying weaknesses in your network's security.
- Make the most of your network security resources by prioritizing vulnerabilities and risks that have been identified into critical, short-term, and long-term action items.
|
|
|
|
|
- What You Gain from Our Assessments
|
|
| Our audits and assessments are designed to: |
|
- Create a security benchmark for your organization.
- Identify the strengths and weaknesses of current security practices.
- Prioritize the exposures which present the greatest risk.
- Deliver risk mitigation recommendations consistent with compliance regulations, Requirements, and business objectives
- Provide a repeatable methodology to facilitate periodic security assessments.
|
|
|
|
|
|
- Some of the services within Security Assessment services are as follows:
|
|
- Application / File Server Vulnerability Assessment Service.
- Database Server Vulnerability Assessment Service.
- Network Architecture Assessment Service.
- Router Vulnerability Assessment Service.
- Server Vulnerability Assessment Service.
- Web Server Vulnerability Assessment Service.
- Wireless Network Vulnerability Assessment Service.
- Wired Network Vulnerability Assessment Service.
|
|
|
|
 |
|
