SECURING YOUR INFORMATION ASSETS - AT EVERY LAYER
Information Technology Security - An overview of the business drivers
IT Security - the challenge
Organisations face challenges protecting digital assets. IT security is the most dynamic and rapidly evolving component on the technology landscape. Threats come from both external sources and from within the security perimeter protected by your firewall. Securing Intellectual Property and protecting the privacy and confidentiality of clients and employee’s information is critical. Employing dedicated IT security professionals is costly. Suitable candidates are difficult to recruit and to retain. For most businesses, the best solution is to engage the services of a consultant who is able to test and advise your IT professionals on the best methods to protect and secure your information assets.
Securing your digital assets
Safeguarding your digital assets and protecting the privacy and confidentiality of your clients and employees data is imperative. Employing dedicated IT security professionals is costly. Suitable candidates are difficult to recruit and to retain. Alternatives must be considered.
The solution - OSI Security
For most businesses, the best solution is to engage the services of an IT security consultant who is able to assist and advise your IT staff on the best methods to protect and secure your information assets and mitigate further risk.
About OSI Security
OSI Security is a specialist IT Security research and test organisation. Their goal is to audit a company’s infrastructure and ensure compliance to industry best practice.
OSI Security provides a full range of security services that encompass the auditing process through to intensive penetration testing and design, consulting and comprehensive support .
Establishing your security posture at a given "point-in-time" is a good starting point for organisations to discover their strengths and vulnerabilities. Identifying and rating vulnerabilities means risks can be prioritised and remedied based on potential impact they pose to security and business continuity. Typical tasks undertaken as part of a comprehensive security audit include:
- Gateway and WAN
- Firewall and DMZ
- Servers and Patching
- Desktop and Mobile Platforms
A detailed written report is provided
as part of this service.
Penetration Testing - Wireless
Wireless networking has brought improvements to productivity and the freedom to work from almost any
location. The benefits come with risks. Ensuring wireless security protocols are sufficiently secure and both Access Points and clients (i.e. Laptops) are correctly configured and patched will prevent "war-driving" and "man-in-the-middle" attacks. Typical tasks as part of a comprehensive Wireless Penetration test include:
- Ensuring access points are correctly configured using industry standard
- Dictionary and Brute Force attacks against pre-shared keys.
- Impersonation of a rogue laptop in an attempt to intercept client communication.
- Exploitation of out-dated Drivers for Windows, OS X and Linux.
- Up-to-date Firmware for Access Points.
Test Content Management Systems (CMS)
Organisation use CMS systems because of the ease of use in maintaining the currency of information
across websites, blogs and Intranets. CMS systems represent a grave security risk to companies and may result in a significant vulnerability if not proactively maintained. Here is an overview of a CMS System audit and test procedure.
- Testing for security vulnerabilities such as SQL Injection, Cross Site Scripting, Insecure Upload forms, Information Disclosures and authentication bypass.
- Source code auditing
- Correctly configured Operating System, Web Server, Dynamic Content and Database (i.e. Windows +
IIS6 + ASP .Net + SQL Server or Linux + Apache2 + PHP + My SQL)
- Denial of Service attacks
- Validating Role-Based Access Controls (RBAC) for authenticated users
Services and support packs
Customers can purchase blocks of hours for all services offered by OSI Security. These are available in 15-minute increments, hours or weeks to cover phone support and scheduled health checks.
Checking the health of your IT Security ensures your exposure to risk and vulnerabilities is reduced. Here are some examples of services offered to clients:
- Regular scheduled on-site visits (i.e.monthly).
- Assess internal network hardware, software and devices.
- Ensure adequate patching of Operating Systems and Software Installed.
- Ensure correct operation of Anti-Malware
- Other preventative measures based on client requirements
Penetration Testing - Overview
Protecting client and employee privacy is a critical component in a company's overall security strategy. Government legislation is enforced and non-compliance exposes organisations to legal penalties and potential lawsuits. Client lists and confidential documentation must be protected
at all costs. Your organisations intellectual property is an intrinsic part of the underlying business value. Data loss could represent a significant loss in goodwill and market valuation. Damage to your reputation is difficult to value but equally insidious.
Penetration Testing - Internal
To protect against "Insider Threat" an internal pen test is offered. Here is what is covered with this testing process:
- Routers and Switching
- Active Directory and Security Policies
- Intranet Website and SQL Databases
- Patch Management and Anti-Virus
- Appliances, Servers and Workstations
Penetration Testing - External
Typical tasks as part of a comprehensive External Penetration test include:
- Gateway and WAN
- Firewall and DMZ
- Website and Hosting
- Remote Access
- Wireless Network
- Domain Name Server (DNS)
Appliance, Application and Software Testing
- Ensuring secure configuration
- Testing for known vulnerabilities
- Fuzzing for zero-day (0day), undiscovered vulnerabilities such as Buffer (Stack and Heap) Overflows
- Command Injection
- Format String memory manipulation,
- Backdoors and Default Accounts
A brochure of the above is available for download and print.