How Strong Are Your Defences?
We provide a range of testing or assurance services to clients both in Ireland and internationally. From our entry level vulnerability assessment to comprehensive penetration testing clients can feel secure that they are getting a superior level of service in terms of technical ability and industry professionalism.
(i) Vulnerability Assessments
Entry Level Perimeter Defence Tests
Vulnerability assessment provides a cost effective way to test your infrastructure and perimeter defenses for weakness.
Our team will utilise 'best of breed' tools to detect and identify technical vulnerabilities that can be exploited by intruders to gain access to the network. Once the assessment has been completed, our team analyses the findings and a full report is provided, identifying your current risk levels, and recommending the appropriate countermeasures.
The service is priced on the number of externally facing IPs you would like tested; examples include your office Internet connection or an externally hosted website. Other network elements that can be tested include dial-up, RAS and VPN access points.
(ii) Penetration Testing (Ethical Hacking)
The Hacker-Eye View Of Your Network
Penetration testing is more proactive and intrusive than a vulnerability assessment: it involves probing a particular system and exploiting the vulnerabilities found.
What is penetration testing?
Penetration testing is a formal approach to probing a computer or network system for weaknesses. The penetration test team (the "Tiger Team") utilises the same procedures and techniques that real hackers do, using automated tools, live penetration attempts by test team members, and a variety of conventional and unconventional access methods.
The object of penetration testing is to provide an informed view of the resilience of the security sub-systems and to support such views with evidence of the vulnerabilities, which can be analysed to determine suitable countermeasures.
A penetration test ends with a report to the affected line management on the results uncovered by the test, including recommendations to resolve or mitigate these vulnerabilities, in order to reduce risks to an acceptable level.
Key Benefits
Independent verification of security stance
Identify and rectify holes and vulnerabilities
Formal Approach
Recommend countermeasures
Why do it?
When your site is under attack, you can't afford the time to learn those security skills you've been putting off.
As more companies and people are connected to the Internet, the number of hacking incidents is growing. With greater numbers of users online, more hackers are appearing, knowledge is being shared across the net, and fledgling hackers ('script kiddies') are learning faster as exploits are published without any apparent control.
Yet security saves money! Many companies pay three times over for insecurity. Losses are suffered through security failure; costs are incurred recovering from the incident; followed by more costs to secure systems and prevent further failure. There is direct financial benefit from good security and indirect savings as well.
When should you do it?
Unless you have performed one recently, and have amended all known vulnerabilities, the time to do it is now.
Because your network is a constantly changing environment, every change you make to your systems runs the risk of opening up new holes. Keeping your security policy up to date is therefore imperative: security is not a once-off issue. Rits offers a penetration testing service that can include ongoing testing throughout the year, specific to the needs of each customer.
(iii) SafetyNet Program
Security Is A Process Not A Once Off Engagement
SafetyNet is a vulnerability assessment program run against your organisation's defenses, providing expert analysis of the findings and recommendations to mitigate the issues identified.
It is an ongoing subscription service that better equips a customer to proactively manage new threats.
With SafetyNet, customers enroll in a program that allows them to choose the frequency of assessments: quarterly, monthly, or weekly according to their needs.
'Industry leading consultants scrutinising your defenses on a regular basis'
The SafetyNet program provides security vulnerability detection and analysis for devices on a network, by a team of highly skilled professionals. The team works with you to provide the advice, analysis and expertise that you need to maximise the effectiveness, security and performance of your network.
Why test my network?
A security assessment of your corporate network allows you to quantify the risks associated with open computing.
Common misconceptions: 'I have a Firewall, therefore my network is secure'.
Not necessarily. A firewall is an essential part of a network security infrastructure, but simply plugging in a firewall and hoping for the best is risky. If your servers are poorly configured and security policies are lax, an attack is likely to succeed.
SafetyNet - Why do it?
Peace of mind
Independent assessment by security experts
Confirmation of security status
Detect new vulnerabilities in a timely manner
Highlights vulnerabilities introduced by change
Detect configuration errors
Compliance with best practice - Legal mitigation
Risks associated with user activity
Cyber liability insurance benefit
(iv) Application Security Testing
Start As You Mean To Go On...
When developing software applications, security must be considered during the planning stage, as security features need to be built into system design rather than "pasted on" after the fact. For more information on the range of our services visit our application security consultancy section.
We can help with the training of developers in best practice, advise throughout the development process, and test the end product.
(v) Server Hardening
Strong Configurations Mean Secure Systems
We understand the problem of inherent vulnerabilities in operating systems and can address them confidently, resulting in strong system configurations.
Weaknesses and vulnerabilities that exist on your servers are potential hazards that can give access and control permissions to the wrong people.
Server hardening is a means by which a system is "locked down" to make it as impregnable as possible. Needless to say, maintaining a balance between operational convenience for users and your security strategy is imperative.
Why do it?
Statistics show that more than 80% of breaches originate inside the organisation. These risks can take multiple forms: unscrupulous employees may be searching for organisational advantages; a disgruntled employee may be co-opted by an industrial espionage agent; or a contractor, given access to corporate information, may make illicit copies of files.
From the outside in, a firewall must be configured to allow or deny traffic. However, an attack that bypasses or circumvents the firewall will have free rein over the information on your servers. Security controls for internal computers must therefore also be employed as part of your overall security policy.
(vi) PCI Data Security Standards
PCI DSS is the Data Security Standard for the payment card industry
In September 2006, the main credit card brands set up the independent PCI Security Standards Council to oversee and manage the Payment Card Industry Data Security Standard (PCI DSS).
Organisations which "store, process or transmit credit card information" need to comply with the standard.
What is the PCI Security Standard?
The PCI standard consists of 12 requirements grouped under 6 general headings.
The standard is continually updated; the current version, 2.0, was last revised in October 2010.
Build and Maintain a Secure Network
1: Install and maintain a firewall configuration to protect cardholder data
2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3: Protect stored cardholder data
4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5: Use and regularly update anti-virus software
6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7: Restrict access to cardholder data by business need-to-know
8: Assign a unique ID to each person with computer access
9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10: Track and monitor all access to network resources and cardholder data
11: Regularly test security systems and processes
Maintain an Information Security Policy
12: Maintain a policy that addresses information security
How does my organisation comply?
The route to compliance varies depending on the organisation.
All organisations that store, process or transmit credit card information need to comply with the PCI standard.
However the route to compliance depends on the size and type of the organisation. The two main types are:
Merchants
Service Providers
The possible steps for compliance are:
Self-Assessment Questionnaire
This is a questionnaire that a merchant or service provider completes.
Onsite Review
An Onsite Review is an audit undertaken by a third-party known as a Qualified Security Assessor (QSA).
Network Security Scan
A network security scan is carried out by an Approved Scanning Vendor (ASV) on external facing IP addresses.
Typically, organisations that process a smaller number of credit card transactions are required to have a Network Security Scan quarterly and to complete the Self-Assessment Questionnaire annually.
Where a large number of credit card transactions (more than 6 million) are processed, an annual Onsite Review is required as well as a quarterly Network Security Scan.
Rits can assist your organisation in all its PCI compliance requirements.
For more information on the exact steps you need to take to comply with the PCI Data Security Standard, or on general PCI requirements, please contact us.