This Solution is oriented to identify any possible gap on your company’s external and/or internal security barriers.
It involves several types of tests, some of them are performed by simulating frauds, or an attack scenario. In this way, you can see specific results with technical recomendations oriented to a fast implementation and correction of the identified issues, but always with focus on a personalized solution that brings the most proper technique for your company.
These are some of the analysis an test that Opengeeks performs:
The aim of the Intrusion Test is to evaluate the system’s status and reactions when facing intrusive attacks and to determine the System’s Security Risk level. “There is no better deffence, than the attack”. The best way to proof Systems security’s strengths is to attack them. Our function is to audit security systems by performing external attacks from a malicious intruder’s perspective.
One of the most common weeknesses on Security is the so-called Demilitarized Zone. That is to say, the net where a company places the Servers that will be accessed through the Internet. This Audit is meant to evaluate the security level of that net and report the possible repercusion of the DMZ on the Company’s internal network. The audit begins by trying to force an entrance into the Intranet, by simulating an attack from a hacker that has managed to pass through the DMZ’s external router/firewall.
The DMZ Audit is based on evaluating the border protection systems located in between the demilitarized zone and the Company’s internal network, as well as the different systems located on the DMZ (internal routers, firewalls, web servers, mail servers, etc)
Internal Network Audit
The Internal Network Audit is meant to evaluate the Security on your company’s Intranet.
For that matter, the Audit starts from two possible scenarios: A hacker that has managed to pass through the external and the internal router/firewall, or a Company’s employee with certain access level that will try to move up the privileges to gain access.
The Internal Network Audit is based on evaluating the security levels of the border protection systems placed on the Company’s Intranet (routers and firewalls inbetween the subnets), as well as the different systems located in the same net, such as: host systems, file servers, print servers, web, mail, news servers, etc.
In most of the cases, a Company’s Web-site include a number of small applications (Applets, CGIs, ActiveX, etc.) that help manage data sent by the users (personal info, orders, online payments, access control). Some other companies use their website for their clients/providers/employees to performa large viriety of commercial opperations such as: Internet Portals, online brokers/banking, e-comerce and extranets. This implies using a complex application that is executed from the Web or Application Servers and that manages all of these operations.
Opengeeks Solutions offers a service to analyze these specific applications in an independent and euxhaustive way, to search for any possible security issue.
Technical Security Audit
The goal of this audit is to review, from the Security perspective, every aspect involved on the Company’s Information System. The audit is based on performing exhaustive technical revisions in all systems, and the outcome is a complete and indepth report study on every level of the IS. This brings as a result a very exact view of the present and future needs regarding Security, always following the world wide recognized quality standard and procedures, such as ISO 17799.