The Threat: Network Security Risks
- Can an attacker gain access to your network and all the information it contains?
- Are your Firewall Rules protecting what they should?
- Could a cleaner steal your password?
- Is your confidential information easily accessible to outsiders - or insiders?
How do you answer these questions?
|
The Solution: A Network & Server Security Audit and Penetration Test
Hover over the process diagram below for more information.
| The tests we can conduct include: |
| Network Discovery: Do you know what your network looks like? Using a combination of tools and experience, we
discover the network structure and map your network. We disclose the network perimeter, highlighting third-party connections. Our discovery service includes a review of router and
switch configuration, passwords and SNMP community strings. We investigate third-party connections, dial-in and dial-out facilities, firewalls and edge routers, and set the stage
for subsequent penetration tests and vulnerability scans. |
| Network Penetration Testing: If we can get in, so perhaps can the bad guys... We penetration test your network by connecting
on site and attempting to gain access to local and third-party resources. Initially we work without a legitimate logon, then as a standard (non-privileged) user and finally as a privileged user. In all cases
we attempt to exploit the information gained in the network discovery phase. We target customer data, personnel, financial and payroll information. We also attempt access to other networks by "piggy-backing"
from your corporate network. During this exercise, we also review your standard workstation configuration (operating system, Internet browser, e-mail, etc.) for important vulnerabilities. |
| Network & Server Security Audit and Review: Who - or what - is the weakest link? Using professional analysis tools and staff
interviews we analyse your corporate network security profile. We produce a detailed report of weaknesses and an action plan to remedy them. We find redundant accounts, well known admin accounts, easy-to-guess
passwords, excessive file permissions and much more. We review the security configuration of a number of sample servers, including account policies, rights and permissions, audit logs, administrative accounts,
service accounts, patch levels and published vulnerabilities. We also penetration test a sample of servers, recommend modifications and improvements as necessary. |
| DMZ Server Security Audit: this service provides a thorough on-site security audit of your DMZ servers. In addition to platform
security configuration analysis and internal penetration testing, we can also conduct interviews and physical inspections. We review the security configuration of your servers, including file systems, directory
design, rights and permissions, change control, and audit logs. We recommend modifications and improvements as necessary. We also penetration test your servers and firewall from the DMZ and internal network perspectives. |
| Firewall Rules Review: We examine your firewall rules and configuration to ensure that the rules reflect your business requirements. We check
what is permitted and what is denied, look for excessive access and ensure that the rules are in the correct order. We highlight missing descriptions, duplicate or conflicting rules and weak configurations. |
| IDS/IPS Penetration Testing: Intrusion Detection and Prevention Systems offer great benefits, warning and defending against attacks, but
are frequently complex to configure and test. With the constant increase in threats and attacks it is critical to confirm that your IDS or IPS is protecting you against those threats. We test your Intrusion Detection
or Protection System in a controlled, repeatable and safe manner - even across production networks. |
| Wireless Security Testing: Please click here to see our
wireless security testing page. |
| Workstation & Endpoint Security Testing: Please click here to see our
workstation and endpoint security testing page. |
| Social Engineering & Blended Attacks: Effective network security is as much about people as the technology they use or are responsible for.
But how vigilent are your people at protecting your organisation and its information assets - how secure is your "human firewall"? We can find the areas of weakness in your staff awareness, policy and procedures -
providing you with valuable information for a security awareness and training campaign that is tailored to your organisation and its culture. Please click here to see our social engineering page. |
| Training & Awareness: We mentioned above that people are really what makes security work. We can also help you with your security
awareness campaign and training. Please click here for more information on the services we offer in these areas. |
At First Base Technologies we pride ourselves in being with you every step of the way in securing your network and associated infrastructure from attack.
Please note that your associated infrastructure should also be subject to regular penetration tests to maintain a good level of assurance. You can find out more about our other services
here.
You can read our FAQ on penetration testing here
And see what our clients say about our services here
or phone Andy on +44 (0)1273 45 45 25
|
|
