What is a Site Security Audit?
We examine your Web site to find out how vulnerable your data and machinery are to malicious attack, and determine the vulnerability of any information or access channels that should be private.
Every site on the Internet carries with it the potential for malicious people to take advantage of its server, its applications and its data. Every site on the Web carries with it a security risk, no matter what.
At the same time, you cannot be expected to know all the possible security holes, the latest attack methods, and the approaches to keeping a site as secure as possible.
Acceptable Risk
Not everyone needs to have the most secure Web site possible. If your site is so secure that it cannot be used efficiently by legitimate users, you've probably gone too far.
On the other hand, if you're accepting credit card numbers without encrypting them, you're running the serious risk of getting sued and losing everything you own.
What can be included in our Security Audit
1. Server and Host Security
Analyze and review your site hosting and transaction processing server(s), network configuration and data storage and backup plan.
2. Application Security
Analyze and review your software code for known security hazards, and advise on the security hazards of any third-party software you may be using.
3. Data Security
Analyze and review storage of data on disk, data backup and recovery plan, and the protection of sensitive information during storage and transfer.
4. Potential Weaknesses and Vulnerabilities
Evaluate your site to identify and test possible exploits and weaknesses which may expose data, allow fraud or misuse, deny service, or cause public-relations disasters.
We present a detailed report of our findings, including recommendations for fixing any problems we encounter. You can use this information to identify potential problems, and to help you determine your own acceptable level of risk.
Security Penetration/Vulnerability Analysis
Benefit: Most computer security statistics show that over 80% of all computer-related fraud is committed by insiders. Insiders often have a motive to strike against a company. However, corporations that have Internet connectivity are susceptible to a greater number of potential hackers. Most corporations have multiple access points to corporate resources. Some of these are known, some of them are unknown. 360connect's security penetration/vulnerability analysis will uncover any potential exploits.
Service Description: 360connect uses the following steps to generate a security penetration/vulnerability analysis:
Validate the Network Access Control Rules
Since most network access control products are user-configurable and prone to human error, 360connect will validate the rule set against the corporate security policy and known Internet attacks.
Use Hacker Tools
The most effective way to break into a system is to use the tools that hackers use. 360connect uses a wide variety of custom-written tools to uncover weaknesses in the firewall and router configurations. The most susceptible machines are the publicly accessible hosts (e.g., WWW, mail, news, and anonymous ftp).
Platform Misconfigurations
Optionally, this analysis can test for platform misconfigurations (e.g., NFS, NIS, and .rhosts). It will also verify the strength of user passwords.
Security Penetration/Vulnerability Analysis Report
The report will document any exploits found in 360connect's testing and suggest possible security solutions to alleviate each vulnerability.
Time Frame: The time necessary for a security penetration/vulnerability analysis depends on the size of the organization and its security awareness, as well as its resources. This analysis is also offered quarterly for external testing only.

