- Is it possible to obtain unauthorised access to your network and the machines on it?
- Could a cleaner control your router?
- Is your confidential information easily accessible to outsiders - or insiders?
We can provide answers to these questions by analysing your network for
security weaknesses using a combination of industry standards, our own best practice and BS 7799 / ISO 27001.
The reports we produce - tailored to your organisation - will inform you of the vulnerabilities and
the solutions, so you can address these before insiders or hackers do.
Below are our services in this area:
Network Discovery:
Do you know what your network looks like? Using a combination of tools and experience, we
discover the network structure and map your network. We disclose the network perimeter,
highlighting third-party connections. Our discovery service includes a review of router and
switch configuration, passwords and SNMP community strings. We investigate third-party
connections, dial-in and dial-out facilities, firewalls and edge routers, and set the stage
for subsequent penetration tests and vulnerability scans.
Network Penetration Testing:
If we can get in, so perhaps can the bad guys... We penetration test your network by connecting on
site and attempting to gain access to local and third-party resources. Initially we work
without a legitimate logon, then as a standard (non-privileged) user and finally as
a privileged user. In all cases we attempt to exploit the information gained in the network discovery
phase. We target customer data, personnel, financial and payroll information. We also attempt access to
other networks by "piggy-backing" from your corporate network. During this exercise, we also
review your standard workstation configuration (operating system, Internet browser, e-mail, etc.) for
important vulnerabilities.
Network Security Audit and Review:
Who - or what - is the weakest link? Using professional analysis tools and staff interviews
we analyse your corporate network security profile. We produce a detailed report of weaknesses
and an action plan to remedy them. We find redundant accounts, well-known admin accounts,
easy-to-guess passwords, excessive file permissions and much more. We review the security
configuration of a number of sample servers, including account policies, rights and
permissions, audit logs, administrative accounts, service accounts, patch levels and
published vulnerabilities. We also penetration test a sample of servers and recommend
modifications and improvements as necessary.
DMZ Server Security Audit:
This service provides a thorough on-site security
audit of your DMZ servers. In addition to platform security configuration
analysis and internal penetration testing, we can also conduct interviews
and physical inspections. We review the security configuration of your
servers, including file systems, directory design, rights and permissions,
change control, and audit logs. We recommend modifications and improvements
as necessary. We also penetration test your servers and firewall from
the DMZ and internal network perspectives.
Firewall Rule Testing:
We use Firewall Informer to send pre-defined network traffic to both the
outside and the inside of your firewall. By connecting to both sides
of your firewall, a protocol scan matching your currently installed firewall
policy can provide a 100% guarantee of operation. Firewall Informer
spoofs IP addresses and MAC addresses and controls packet expiration,
so it can be used on production systems without having to connect to
the destination address.
IDS Penetration Testing:
Intrusion Detection Systems offer great benefits,
warning and defending against attacks, but are frequently complex to
configure and test. With the constant increase in threats and attacks
it is critical to confirm that your IDS is protecting you against those
threats. We use IDS Informer to test your Intrusion Detection System in a controlled,
repeatable and safe manner - even across production networks.
Social Engineering & Physical Security:
Do you have a human firewall? Our social engineering and physical security review can be used
to assess your vulnerability in this area - please see our Blended Attacks Page for more information.
Want more information?
- Phone Andy on +44 (0)1273 45 45 25
- Click here to download our brochure
- Click here to use our contact form
- Click here for the detailed PCI DSS specification