Even the most basic connectivity implementation can have holes in it, from switching/routing firmware flaws to inadvertently enabled VPN protocols or badly configured firewall rules and that's what Network Security Auditing is all about, an impartial double check of the security measures you've already implemented. During the audit we will attempt direct and indirect exploitation of your systems to reveal any possible issues with the network fabric, then we'll turn to what is by far the largest risk to security, the staff. Giving staff access to ONLY what they require to do their job has been the default position on network security since the 70's but its so often the case in smaller companies that staff have access to way more than they need, sometimes even administrative privileges! Below is a very simple overview of the audit process:
- Analyse network security from the public internet - check for vulnerabilities and exploits.
- Analyse network security from the LAN (or WAN) - check for vulnerabilities, exploits, and sample the data stream for unknown or suspicious packets.
- Analyse the LAN for RAT (Remote Access Tools) that have been willingly or unknowingly installed and have open connections to the internet.
- Run a full security scan of storage and fabrics. Ensure that corporate data is secured in such a way that would make its compromise very hard.
- Analyse user permissions, reach and effect. Look at password strengths, two factor authentication, and of course post-it notes with passwords on them stuck to the front of PC's.
- Analyse cloud based services for security and resilience.
- Analyse anti-virus and IDS systems for effectiveness.
- Analyse Wifi Networks, connectivity and compromises.
- Analyse laptops, tablets, and other remote solutions which may or may not have an impact on network security.
- Analyse Staffing risks, single point of failures, and high risk individuals.
And then we write a full and detailed report of our findings with recommendations at each stage. Once all the issues have been resolved we'll re-audit again to confirm. Security Auditing is priced sensibly on a day rate basis, and one day is often sufficient for small businesses with one connection. Larger organisations may take several days or more but we will be able to provide an estimation prior to commencing any work.
If you think your business would benefit from a Security Audit then contact us today for more information!