Network Security Audit
We begin the process off-site by collecting information about the organization, footprinting the network, and identifying the physical components and boundaries of the client's network. We need to bound the network and determine what is important to the client, which typically involves an information exchange with the client. We base our assessment on the organization's security policies and procedures, the National Institute of Standards and Technology's (NIST) "Generally Accepted Principles and Practices for Securing Information Technology Systems" (NIST SP 800-14), federal legislation such as the Gramm-Leach-Bliley Act, Sarbanes-Oxley, FISMA, and HIPAA, as well as other industry-accepted best practices. We attempt to discover vulnerabilities and assess their impact on the security posture of the organization. We then perform an on-site security assessment to identify weaknesses and vulnerabilities in the organizational and operational controls, and in the logical and physical security controls of the network. Data analysis and reporting is the final step. During this phase, we assemble all the information gathered during the course of our assessment and analyze the data to determine the risks to the network. We then provide recommendations on how to minimize these risks. At the client's request, we can validate the countermeasures the client's staff has implemented to correct the vulnerabilities identified. Finally, PCSinet provides assistance in determining the best course of action to improve the security posture of the organization's network.
We generally tailor the breadth and depth of a security assessment to meet the organization's needs and funding profile. We can focus our attention on specific components of the network that are of particular concern because of the critical nature of the asset involved. In this case, we limit the assessment to a narrow, pre-defined portion of the client's network, or to specific servers or systems, and conduct a localized technical assessment. We recommend, however, that clients keep in mind that a network is like a chain: the component with the weakest security is a threat to every other component in the network.
In an external assessment we test the perimeter defenses from outside the network: firewalls, routers, public-facing web servers and other devices designed to protect the network from intruders. In an internal assessment we conduct testing from behind the firewalls. We generally recommend that clients conduct both external and internal assessments. External assessments help determine the effectiveness of firewalls, the other components used to defend your network from outsiders, and their associated controls; internal assessments help clients judge the effectiveness of the mechanisms designed to protect their network and its critical components from misuse and abuse by insiders: employees, trading partners, customers, etc. The internal assessment is also important because it discloses the vulnerabilities an attacker could exploit if and when the network's perimeter defenses fail.
Deliverables
The large number of automated reports generated by PCSinet's vulnerability assessment tools, both external and internal, is raw data that must be examined for false positives, inconsistencies and other erroneous information before it can be relied on. Our assessment review team examines every report generated by the automated scanners together with the data collected manually by the assessment team. A detailed report of our findings, with the recommended actions to mitigate the identified vulnerabilities in the organization's information security, is developed and delivered to the client.
We have conducted information security assessments for both large and small enterprise networks, and for public and private sector client facilities, with equal success. We use a standard, highly disciplined methodology across all components of the security architecture, which frequently uncovers unexpected vulnerabilities.