Computer and
Network Security Audits
Simpar International provides several security
auditing services to determine your company's exposure to outside attacks
through its LAN, WAN or Intranet.
Our External Security Audit includes a wide range of scans and tests that
can be performed to detect existing vulnerabilities. Based on the results of
the External Security Audit, we provide Security Remediation Services to
help you make hardware and software configuration changes to specific
devices. Finally, to help eliminate problems such as internal virus
outbreaks, unauthorized LAN traffic monitoring, and other internal security
problems, we can provide an Internet Security Audit. If a real-world test of
security is desired we can perform actual attacks and break-ins to expose
security holes in your network.
Why are network security auditing services important? First, because they
greatly reduce the probability of security incidents and downtime. Second,
because in the event a security incident should occur, proof of prior
security audits and follow-up remediation is evidence of due diligence that
may protect a company from legal liability, or limit damages.
External Security Audit
An External Security Audit will test your network devices and servers for
vulnerability to a wide range of exploits, viruses, worms and other common
Internet attacks. On completion of the audit, Simpar International will provide
your company with a detailed report containing the test results and
remediation recommendations. Typical completion time for an External
Security Audit on small networks (less than 50 devices) is 5 days.
Internal Security Audit
An Internal Security Audit starts with a threat-discovery meeting in which
specific security problems are defined. Typical security problems include
frequent virus outbreaks, unauthorized access to sensitive email or
documents, unauthorized network bandwidth usage, or a lack of a well-defined
company security policy. Once the problem definition is complete, Simpar
International will work with you to determine options to minimize or eliminate
the security problems. A final report will be made detailing the problems,
risks, and recommended changes. An Internal Security Audit usually takes
between 5 and 15 days to complete but depends upon availability of IT
personnel at your company.
Real Attacks and Break-ins
The ultimate test of any network security is to survive an attack by
experienced and determined crackers. Upon client request Simpar
International will
attempt a variety of attacks and break-ins on your machines that would be
typical of those most likely to target your company. If you anticipate
attacks coming from individuals with limited resources and knowledge (e.g.,
"script kiddies") this can be a relatively inexpensive operation. However,
if you anticipate attackers with Government or corporate resources, a
realistic attack can be more expensive to mount and may require specialized
hardware, personnel, travel expenses, and other resources.
Among the services we can provide are:
- Machine Break-ins
- Domain Hijacking
- Denial of Services Attacks
- Cracking of user passwords
- Retrieval of sensitive documents
- Network insertion of backdoors, sniffers, viruses, etc.
- Physical Access to sensitive hardware or software
At the end of this process, you'll receive a detailed report showing how
we accomplished a given attack and identifying the security weaknesses that
allowed it. Recommendations will be provided to correct the security flaws
discovered and Simpar International can provide Security Remediation Services to
help correct such problems.
Security Remediation Services
Simpar International will work onsite with your IT department to harden any
hardware or software against attack, break-in, or other security issue.
If you'd like a quote on the cost of performing a security analysis for
your company, please
give us a call today. |