|
| KLEANMAIL / MANAGED SERVICES / SECURITY / HOSTING / APPLICATIONS |
 |
|
SECURITY - Assessment Services Risk Analysis Your enterprise risk level can only be determined by a comprehensive evaluation of all security controls, including all technical factors, as well as policy, daily processes, and other critical areas. OOI will go several levels beyond simple network and system-level vulnerability scanning. We will assess the entire security posture and provide you with a corrective roadmap, prioritized based on risk level, cost to implement, and complexity. You can then either apply the corrective measures yourselves, or enlist our assistance. Penetration Testing This service is primarily designed for organizations wishing to validate the effectiveness of their security defenses. The most basic penetration test is an examination of your Internet presence, probing for visible systems, switches, routers, etc., and then employing known techniques for breaching security on the devices. Once attacks are successful, we will attempt deeper levels of penetration based on previously hidden or protected portions of the network. Since active attacks are being used, your intrusion detection systems should detect these tests, providing you a method for evaluating the effectiveness of your IDS monitoring and alerting as well. If the penetration tests are successful, they will provide valuable insight into your security weaknesses. If unsuccessful, you can be commended and should sleep a little easier. A more involved penetration test will include all known methods for gaining unauthorized access to your environment. This includes insecure modems, unprotected extranet connections, Internet vulnerabilities, social engineering, insecure remote access methods, and other techniques specific to your environment While a one-time snapshot of your enterprise security is extremely useful, OOI believes that penetration testing should be included as a basic element in your overall security plans, something that is performed frequently with some degree of automation, and almost never on an announced basis. Whichever approach you choose, OOI has the system and network-level expertise to carry out a highly effective attack. One you can count on to uncover your risks. Application Testing Application security testing addresses the multitude of potential vulnerabilities introduced by the recent rise of the web enabled e-commerce. A web application is software that is interacted with via a web browser or an agent acting as such. A typical deployment of such technology involves clients submitting and retrieving data through the browser, with the brunt of the processing occurring on the server in any one of numerous platforms. Vulnerability scans often will not expose these weaknesses, as applications may be customized or developed specifically for exclusive business processes. As such, automated scanning tools are ineffectual in determining exposures in such unique environments. A proper security review requires full understanding and examination of the context and components of each application. Components of the review process include buffer overflow, session management (session hi-jacking, replay attacks), input validation (cross-site scripting, SQL injection), parameter manipulation (cookie, form field, and HTTP header manipulation), privacy violations (artifacts in browser cache and history), information leakage (error codes, debug commands, HTML comments), and misconfigurations (default accounts, sample scripts). |
|
||||||||||||
|
| ||||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
