First Base Technologies

Network security penetration testing and network security audit and auditing


  • Is it possible to obtain unauthorised access to your network and the machines on it?
  • Are your Firewall Rules protecting what they should?
  • Could a cleaner control your router?
  • Is your confidential information easily accessible to outsiders - or insiders?

We can provide answers to these questions by analysing your network for security weaknesses using a combination of industry standards, our own best practice and ISO/IEC 27000. The reports we produce, which are tailored to your requirements, will inform you of the vulnerabilities and the solutions, so you can address these before insiders or hackers do.

Below are the services we provide in this area:


Network Discovery: Do you know what your network looks like? Using a combination of tools and experience, we discover the network structure and map your network. We disclose the network perimeter, highlighting third-party connections. Our discovery service includes a review of router and switch configuration, passwords and SNMP community strings. We investigate third-party connections, dial-in and dial-out facilities, firewalls and edge routers, and set the stage for subsequent penetration tests and vulnerability scans.
Network Penetration Testing: If we can get in, so perhaps can the bad guys... We penetration test your network by connecting on site and attempting to gain access to local and third-party resources. Initially we work without a legitimate logon, then as a standard (non-privileged) user and finally as a privileged user. In all cases we attempt to exploit the information gained in the network discovery phase. We target customer data, personnel, financial and payroll information. We also attempt access to other networks by "piggy-backing" from your corporate network. During this exercise, we also review your standard workstation configuration (operating system, Internet browser, e-mail, etc.) for important vulnerabilities.
Network Security Audit and Review: Who - or what - is the weakest link? Using professional analysis tools and staff interviews, we analyse your corporate network security profile. We produce a detailed report of weaknesses and an action plan to remedy them. We find redundant accounts, well-known admin accounts, easy-to-guess passwords, excessive file permissions and much more. We review the security configuration of a number of sample servers, including account policies, rights and permissions, audit logs, administrative accounts, service accounts, patch levels and published vulnerabilities. We also penetration test a sample of servers and recommend modifications and improvements as necessary.
DMZ Server Security Audit: This service provides a thorough on-site security audit of your DMZ servers. In addition to platform security configuration analysis and internal penetration testing, we can also conduct interviews and physical inspections. We review the security configuration of your servers, including file systems, directory design, rights and permissions, change control, and audit logs. We recommend modifications and improvements as necessary. We also penetration test your servers and firewall from the DMZ and internal network perspectives.
Firewall Rule Testing: We use Firewall Informer to send pre-defined network traffic to both the outside and the inside of your firewall. By connecting to both sides of your firewall, a protocol scan matching your currently installed firewall policy can provide a 100% guarantee of operation. Firewall Informer spoofs IP addresses and MAC addresses and controls packet expiration, so it can be used on production systems without having to connect to the destination address.
IDS Penetration Testing: Intrusion Detection Systems offer great benefits, warning and defending against attacks, but are frequently complex to configure and test. With the constant increase in threats and attacks it is critical to confirm that your IDS is protecting you against those threats. We use IDS Informer to test your Intrusion Detection System in a controlled, repeatable and safe manner - even across production networks.
Blended Attacks: Effective network security is as much about people as the technology they use or are responsible for. But how vigilant are your people at protecting your organisation and its information assets - how secure is your "human firewall"? We can test this and find the areas of weakness in your staff awareness, policy and procedures - providing you with a valuable tool for designing a security awareness and training campaign that is tailored to your organisation and its culture. Please see our Blended Attacks Page for more information on our services offered in this area.
Training & Awareness: We mentioned above that people are really what makes security work. We can also help you with your security awareness campaign and training. Please see our Training & Awareness Page for more information on our services offered in this area.

You can read our FAQ on penetration testing here.

...and see what our clients say about our services here.


Want more information?

  •   Phone Andy on +44 (0)1273 45 45 25

 

E&OE
© 2001-2010 First Base Technologies - All Rights Reserved.