-- Technical Vulnerability Assessment:--

The profusion of vulnerabilities and exploits, in today's inter-networked environments, makes many organizations vulnerable to security breaches ranging from web site defacement to theft of proprietary information and unavailability of critical business systems.

ISecurity's risk-based technical vulnerability assessment identifies, quantifies and prioritizes the weaknesses of enterprise systems and networks. It helps organisations understand the nature and implications of the risks they face and determine the degree to which their enterprise's critical information systems and infrastructure components are susceptible to intentional and unintentional attack as a result of the weaknesses or vulnerabilities inherent in most vendor applications, operating systems and network devices.

Our technical vulnerability assessment helps organizations identify potential attack targets, or components and services which may expose the organization to unacceptable risk. Vulnerability Assessments can also help an organization identify components or services which are not configured according to the organization’s standards, have unauthorized services running, or may have already been the target of an attack. Assessments can be conducted from either an external (Internet-based) or internal perspective.

ISecurity concludes vulnerability assessments by leaving you with our detailed findings as well as a sound and tailored process for responding to and mitigating threats to your organisation.

Technical Vulnerability Assessment (Concentrations):-

ISecurity also provides targeted Technical Vulnerability Assessments with a concentration on Application Software (Application Vulnerability Assessment), Websites (Web Application Security Assessments), Databases (Database Security Assessments), Wireless Networks (Wireless Vulnerabilities Assessment), etc.

Web Application Vulnerability Assessment – Assesses the security of custom-developed or off-the-shelf web applications. The review consists of a Platform Vulnerability Assessment of the supporting infrastructure and functional security testing of the application. Functional security testing involves accessing the web application from an authenticated user’s perspective. The goal of a Web Application Security Assessment is to ensure security controls in the application cannot be subverted. A typical Web Application Security Assessment tests the target web application for common problems resulting from input validation flaws, such as Cross Site Scripting and SQL Injection, as well as more subtle problems such as authentication and authorization defects and session management flaws. ISecurity uses a variety of automated and manual testing techniques to thoroughly test the target application.

Wireless Vulnerability Assessment – Assesses the security posture of an organization’s wireless network. A Wireless Vulnerability Assessment gives an organization validation of the current security controls protecting the wireless network, and provides a point-in-time assessment of the risks posed by the wireless network. A Wireless Vulnerability Assessment will help an organization identify potential risks due to unauthorized access to the wireless network, unauthorized monitoring of wireless communications and other wireless vulnerabilities. Recommendations for improving the security of the wireless network will be identified in the final deliverables. All components of the wireless system are examined, including wireless access points, client configuration, and supporting infrastructure such as authentication servers and access control devices.

Penetration Testing

ISecurity penetration testing assesses the effectiveness of an organisation’s security posture by simulating targeted real-world attacks by motivated threat agents to determine if the organisation’s information security controls can be breached. It is a systematic and structured, high-end analysis, testing and reporting exercise conducted in order to obtain an information trophy to prove that the security holes in your organisation are real rather than theoretical possibilities.

Penetration testing is most beneficial to an organization which has already undergone some amount of Vulnerability Assessment, and is seeking to validate controls put in place to mitigate risk. Penetration testing begins similarly to a Platform Vulnerability Assessment, but vulnerabilities may be exploited in order to validate their threats.

Network Architecture Review – Assesses network infrastructure design and configuration for deficiencies that would expose the organization to risk. A Network Architecture Review engagement is focused on the architecture of the network, with an emphasis on identifying and analyzing the effectiveness of security controls present in the network. The objective of a Network Architecture Review is to analyze the effectiveness of network security controls, identify weaknesses, and make recommendations for improving the security posture of the network.

Deliverables – ISecurity will present the results of the assessment to the client via highly detailed reports of findings. The report of findings includes details of the findings, impacts, risks, and recommendations. ISecurity Assessment Reports communicate to each level of management: executives, business owners, developers and operations staff. Additionally, ISecurity consultants are available for knowledge transfer to ensure that all findings and recommendations are clearly communicated.

-- Layered Systems Infrastructure Hardening Using Defence in Depth:--

Most information technology infrastructure system components (operating systems, network devices, databases, applications etc.) offer a multitude of features or services out of the box. These services are often left running even though they may not be required to achieve the planned system functionality, which increases the attack surface of the system and introduces technical security weaknesses into the organisation. Other components may have their inbuilt security settings left unconfigured or misconfigured, because configuration was done from a functional and/or performance point of view, neglecting security. System hardening is a step-by-step process of securely configuring a system to protect it against unauthorized access, while taking steps to make the system more reliable.

ISecurity's approach to systems hardening involves identifying all of the organisation's critical IT infrastructure devices and components, understanding their roles, constraints, relationships to other systems and present (security) configuration, and then deploying standard and customized industry hardening guidelines to eliminate as many security risks as possible.

Hardening systems achieves a layered defence mechanism and reduces the possible vectors of attack by removing vulnerable and unnecessary services, patching security holes, and removing inappropriate access controls through secure configuration.