IT Security & Risk Assessment

Full Cycle Software Implementation - Enterprise Software Integration | Migration and Reengineering
Application Development | Network Design & Implementation | Database Design & Management
IT Security & Risk Assessment | IT Professional Staffing Services

MPSC assesses the state of your e-business security from all angles. We cover all your technologies and information assets - your network, web site, servers, applications, hardware, data, even the physical storage of your computers and information. And we use a variety of techniques – depending on what we are testing and what you are hoping to achieve from the assessment.
MPSC’s Security Assessment Services include the following:

• Web Site Health Checks
• Penetration Testing
• Firewall Auditing
• Security Auditing

Web Site Health Checks Description

A Web Site Health Check is a routine check of the security of your web site. MPSC tests the security of various attributes of your web site and then provides the findings in a report, along with recommendations for fixing any problems found.

A Web Site Health Check will indicate the state of security of your web site and what, if any, vulnerabilities you need to address in order to improve that security.

A Web Site Health Check involves MPSC:

• Probing your web site for applications and services running on open ports;
• Performing operating system fingerprinting;
• Performing TCP/IP sequence prediction;
• Checking for known vulnerabilities in your CGI scripts; and
• Checking for known vulnerabilities in your web server, operating system and application software that can be exploited by hackers over the Internet.

Deliverables

After performing your Web Site Health Check, MPSCs provides you with a report detailing:

• The vulnerabilities in your web server;
• Which ports are open and what applications are running on those ports;
• Which CGI scripts are insecure and contain flaws;
• How easy it is for hackers to identify your operating system; and
• How easy it is to hijack a TCP session on your web server.

Penetration Testing

Penetration Testing involves MPSC attempting to penetrate your network from the Internet. We attempt to break into your network from all possible points of entry, uncovering and exploiting whatever vulnerabilities we find in your network, software and hardware. We then issue our findings and recommendations in a comprehensive report.

A Penetration Test will give you a “hacker’s view” of your network. It will not only uncover the vulnerabilities that exist in your systems but also indicate which vulnerabilities pose the greatest risk. Armed with this knowledge, you will be able to prioritise and fix the problem areas in your network. Consequently, you will be able to minimize the risk of unscheduled outages, damage or destruction to your information assets, financial loss, and the other detrimental effects of a security breach.

Depending on your requirements, MPSC runs on-site and remote tests on your systems including (but not limited to) the following:

• Firewall / Gateway environment
• Web servers
• DNS servers
• E-mail servers
• Database servers
• Routers and switches
• Custom and proprietary applications
• Windows and Unix servers

Deliverables

MPSC delivers a comprehensive report suitable for both your management and technical staff. Included in the report are details of:

• Vulnerabilities found, including the risk and likelihood of malicious users/hackers exploiting these flaws;
• Recommendations for fixing, patching or applying workarounds to these vulnerabilities;
• Possible causes of the vulnerabilities; and
• Recommendations for preventing such vulnerabilities arising in the future.

Firewall Auditing

Firewall Auditing involves MPSC reviewing your firewall hardware and software, its configuration, and your firewall operating system, for problems and vulnerabilities.

The firewall is a hacker’s first entry point into your network. Performing a Firewall Audit will uncover the vulnerabilities that exist in your firewall – whether they exist in the hardware, software, or its configuration. Armed with this knowledge, you will be able to prioritise and fix any such problem areas. Consequently, you will be able to minimize the risk of unscheduled outages, damage or destruction to your information assets, financial loss, and the other detrimental effects of a security breach.

A Firewall Audit involves MPSC analysing the configuration of your firewall. This includes but is not limited to:

• Software and hardware versions
• Rule base:
  -- Traffic to internal and external networks
  -- Internal and external services passing through your firewall
• Software configuration, including:
  -- Known hosts
  -- IP addresses
  -- Implied rules
  -- NAT
  -- Proxy configurations
  -- Content filtering
  -- Firewall management
  -- Remote connections (i.e. dialup/VPN clients)
• Operating System – including file permissions, applications, user accounts, security patches and hot fixes
• Log files
• Verification that the firewall configuration meets your Gateway and Information Security Policies

Deliverables

MPSC delivers a comprehensive report suitable for both your management and technical staff. Included in the report are:

• A detailed analysis of the current firewall load, traffic and security incidents including:
  -- Alerts / critical events
  -- Warnings
  -- Unusual or excessive bandwidth usage
  -- Breakdown of web, e-mail, FTP, telnet activity
  -- Remote management
  -- Internal and external addresses that trigger firewall rules
  -- Protocols that trigger firewall rules
• Recommendations for improving your existing firewall rulebase and configuration;
• Vulnerabilities found, including the risk and likelihood of malicious users, hackers and business partners exploiting these flaws;
• Recommendations for fixing, patching or applying workarounds to these vulnerabilities;
• Possible causes of the vulnerabilities;
• Recommendations for preventing such vulnerabilities arising in the future; and
• Recommendations for complying with your Gateway and Information Security Policies.

Security Auditing

Security Auditing involves MPSC appraising the state of your information security. MPSC analyses the security of your LAN/WAN, servers and workstations, as well as the physical security of your computer room.

A Security Audit gives you a detailed analysis of the effectiveness of your current security measures. Armed with this knowledge, you will be able to prioritise and fix any problem areas. Consequently, you will be able to minimize the risk of unscheduled outages, damage or destruction to your information assets, financial loss, and the other detrimental effects of a security breach.

MPSC begins the audit process by, firstly, gaining an understanding of your network architecture and developing a footprint of the entry and exit points to and from the network, taking into account your physical security. MPSC then identifies and rates the security policies and measures you currently have in place. In doing so, MPSC identifies what security controls (ranging from locks on doors to security software) have been implemented, how they have been configured, how up-to-date they are, and how effective they are, based on known vulnerabilities. We then issue you with a report containing our findings and suggesting areas where improvements may be made.

Deliverables

MPSC provides you with a comprehensive report suitable for both your management and technical staff. Included in the report are details of:

• Vulnerabilities found, including the risk and likelihood of malicious users, hackers, customers and business partners exploiting these flaws;
• Recommendations for fixing, patching or applying workarounds to these vulnerabilities;
• Possible causes of the vulnerabilities; and
• Recommendations for preventing such vulnerabilities arising in the future.

Can we help you?