Specializing in Network Penetration Testing, Vulnerability Assesments, Security Audits, Security Policy Development, and Computer Investigations.
Network Penetration Testing
The objective of network penetration testing is to identify and exploit vulnerability in your network perimeter -- from an attacker’s perspective - to gain access.
Our first step in performing a network penetration test is to identify risks in system configurations by scanning your network [including wireless network] and dialup modems.
We then perform additional tests for vulnerabilities using currently available scanning and exploitation software. We have the capability of conducting penetration tests by using the techniques and expertise of “real hackers.” These tests will check for vulnerabilities such as buffer overflows, software bugs, configuration errors, unnecessary services and trust exploitation.
We then use the results of the previous tests to gain entry to your network.
Results of the network penetration test will be documented in a report that will identify the vulnerability used to penetrate your network, and provide advice on how to mitigate the problem.
Network Vulnerability Assessments
A network vulnerability assessment offers a midway step between a network penetration test and a full security audit. By focusing only on identifying and assessing vulnerabilities, you gain the benefit of having your entire network reviewed without the expense that a full security audit entails.
There are several components to a vulnerability assessment and their inclusion is determined on a client-by-client basis. These components include:
Scanning and identifying externally available services;
Checking for service misconfiguration;
Network penetration test of your network perimeter;
Testing for dial-in modem;
Wireless network detection and monitoring;
We also focus on SANS/FBI Top Twenty list of the most critical vulnerabilities on Internet.
Results of your network vulnerability assessment will be documented in a report that will identify and prioritize vulnerabilities associated with your network, and provide recommendations on how improve the security of your network.
Security Audits and Topology of Network
Effective security audits are the cornerstone of any proactive security strategy. By identifying weaknesses in your network and practices now, you can mitigate them so they won't become problems later.
You gain the following benefits:
An independent evaluation of your security;
Consultants with solid security experience;
A confidential service you can trust;
When we conduct your security audit, we begin with a network penetration test and a network vulnerability assessment.
Next we perform a site inspection, assessing your physical security and your network architecture, identifying vulnerabilities, and reviewing your current policies, practices and procedures.
Finally we document the result in a report, detailing our findings and analysis and providing detailed recommendations for improving computer security in your organization.
Security Policy Development
The primary goal of an information security policy is to communicate to an organization the principle that information is a valuable asset and that everyone is responsible and accountable for protecting it.
At its core, a security policy is representation of your information security requirements, personnel guidelines and personnel responsibilities.
Your policy development is usually done in consultation with a number of your staff from both the business and the IT side. This ensures that your policy is both comprehensive, yet practical.
The first step in developing your information security policy is to assess your business needs. This covers areas such as business objectives and network requirements.
The next step involves assessing the risks involved in meeting those business needs and establishing procedures to counter those risks. For example, if running an e-commerce server is part of your business needs, how much risk is involved if that server is Microsoft IIS and is patched on an ad-hoc basis? Does your policy require guidelines for IT to apply patches within 24 hours of their release?
The final step is to formally write the document and to have management approve and adopt it.
Our computer investigation services can assist your organization in investigations where computers have been used in the commission of criminal offences, theft of intellectual property, fraud, and civil lawsuits.
Our investigative services include:
Emergency incident response, analysis of compromised systems, Internet tracing
Forensic analysis of computer disk drives, flash camera cards, USB drives and any magnetic medias (phones, PDAs etc.)
Monitoring of suspicious network activities or internal employees
Data recovery to retrieve deleted, hidden or encrypted material, recovery of internet activity, chat or chat fragments; email recovery and analysis
Network and computer monitoring in connection with children
Keystroke logging & recording, keystroke logging detection and protection