Health Check

Network Vulnerability Scanning

The network is the primary channel for launching attacks against systems and infrastructure. Identifying vulnerable entry points into networks is an important first step in the defense strategy.

Network vulnerability scanning is an approach for identifying these vulnerable entry points. Network vulnerabilities can arise from relaxed firewall rules or unpatched systems. The scanner initiates connections to the targeted systems and sends specially crafted packets to solicit responses that uncover potential vulnerabilities, much like a skilled attorney putting carefully crafted questions to court witnesses and soliciting responses in order to extract the truth.

Our team designs and builds the infrastructure and operational processes required to deliver the targeted scanning coverage. This can include a hybrid service model where both external vulnerability scanning service providers and internal scanner systems are deployed. External service providers perform independent scans of the external network perimeter. Strategically positioned internal scanners cover internal networks behind firewalls which would otherwise be out of reach of external scanners.

Cost is a material consideration in the design of scanning regimes. Cost is not limited to fees charged by external service providers and the deployment and maintenance of internal scanners. There is often a significant process cost to review and act on the findings from these scan results. Managing the scanning scope based on risk assessment and integrating with the incident response process is key to containing the cost of such an exercise. Our team works with our clients to achieve this goal.

Firewall Health Check

Firewalls are still a staple in most network security designs although their relevance is increasingly being challenged by the concept of de-perimeterization discussed at length at the Jericho Forum. Nonetheless, performing regular health checks on firewalls is still an essential maintenance task.

There are two dimensions to a firewall health check:

Tuning – best practice configuration
Firewall rules review

Our team is expert in the following firewall products:

Check Point Software Technologies
Palo Alto Networks
Fortinet
Juniper Networks

We review and tune your firewall configurations based on manufacturer best practice recommendations as well as industry best practice based on our own operational experience managing our clients’ production firewall infrastructures.

Our firewall rules review process is based on reviews of historical firewall logs to identify rule usage and ordering. The goal is to place the most frequently hit rules at the top of the rules table to reduce the computational processing required to find these matching rules. This is easier said than done because of two policy constraints:

Management practice in labelling and grouping firewall rules
Functional constraints in rule ordering where more specific rules must come before generic rules

The first challenge is similar to the legislation process where laws are often discussed and developed in an isolated context resulting in fragmentation and legal loopholes. It requires herculean political will to update and align legislation to catch up with social and technological changes.

The second challenge is similar to the effort in closing legal loopholes which often simply cannot be plugged without creating other equally or even more damaging loopholes. In other words, firewall rule review is more an art than a science!
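The ordering problem described above, as an added example (not the team's tooling): a greedy reordering that moves high-hit rules up but never swaps two overlapping rules with different actions, so first-match verdicts are unchanged. The rule fields, names, addresses and hit counts are constructed for illustration; real rule bases also match on zones, services and protocols.

```python
import heapq
from collections import namedtuple
from ipaddress import ip_address, ip_network

# src/dst are CIDR strings; port 0 means any port; hits come from the log review.
Rule = namedtuple("Rule", "name src dst port action hits")

def overlaps(a, b):
    """True if at least one packet could match both rules."""
    same_port = a.port == b.port or 0 in (a.port, b.port)
    return (same_port and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst)))

def reorder(rules):
    """Greedy: always emit the busiest rule whose ordering constraints are met."""
    n = len(rules)
    waiting, releases = [0] * n, [[] for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            # Only overlapping rules with different actions must keep their order.
            if rules[i].action != rules[j].action and overlaps(rules[i], rules[j]):
                releases[i].append(j)
                waiting[j] += 1
    # A sorted list already satisfies the heap invariant.
    ready = sorted((-rules[i].hits, i) for i in range(n) if waiting[i] == 0)
    out = []
    while ready:
        i = heapq.heappop(ready)[1]
        out.append(rules[i])
        for j in releases[i]:
            waiting[j] -= 1
            if waiting[j] == 0:
                heapq.heappush(ready, (-rules[j].hits, j))
    return out

def verdict(rules, src, dst, port):
    """First-match action for one packet; no match falls through to deny."""
    for r in rules:
        if (r.port in (0, port) and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action
    return "deny"

# Constructed sample rule base and hit counts (not from a real firewall).
RULES = [
    Rule("deny-db-from-guest", "10.20.0.0/16", "10.1.5.0/24", 5432, "deny", 40),
    Rule("allow-db-from-lan", "10.0.0.0/8", "10.1.5.0/24", 5432, "allow", 9000),
    Rule("allow-dns", "10.0.0.0/8", "10.1.1.53/32", 53, "allow", 52000),
    Rule("allow-web-proxy", "10.0.0.0/8", "10.1.2.10/32", 8080, "allow", 31000),
    Rule("deny-any", "0.0.0.0/0", "0.0.0.0/0", 0, "deny", 1200),
]
```

On this sample the deny for the guest range stays above the much busier database allow because the two overlap. The greedy pass is a heuristic, and hit counts should be re-measured after any change because traffic previously counted against one rule may now land on an earlier rule with the same action.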

It should be noted that the decision to “take no action” as discussed under “IT Audit” is a valid business decision. Our team works with our clients’ teams to identify the available rule tuning options, dimension their potential operational impacts and facilitate the development of consensual organisational decisions.

VMware Infrastructure Security Health Check

The VMware infrastructure security health check reviews VMware server configuration based on the VMware hardening guide and industry best practices for virtual network and storage designs to control the “VM sprawl” problem.

Data Loss Prevention (DLP) System Review

Reviews the effectiveness of DLP in detecting and preventing leakage of protected information outside the organisation.

Security Information and Event Management (SIEM) System Review

The purpose of IT audit is to provide an assessment to the delivery teams on how well they are managing IT risk by comparing their processes to applicable security standards and procedures.

However, it is a common misperception that IT audit is only about measuring compliance. While it is procedurally correct that audits measure levels of compliance against the audit policies and standards, that measurement does not in itself create any business value.

Audit is best viewed as a tool to identify and manage IT risks. All forms of risk management have cultural and operational dimensions. Policies and standards represent consensual risk views and appetite. Compliance measurements help people to understand their current practice and process relative to the expectations placed on them.

It is often said that business is all about risk management. It is, therefore, natural for business units to take calculated risks within risk guidelines. However, it is often difficult to fully understand the risk implications of certain operational decisions, particularly when complex technology is involved, such as the consumption of cloud services. Gaps identified in the compliance report compel teams to come together to make sense of their collective operational decisions and develop appropriate responses. It should be noted that the decision to “take no action” through “risk acceptance” is an explicit and documented decision.

Network Access Control (NAC) System Review

Reviews and tunes NAC policies in order to improve user experience while enforcing access policies and minimising operational costs.

SSL Cert Management Review

Reviews the SSL certificate management process to ensure private keys and corporate domains are protected from being hijacked.

DNS and Domain Design Review

Reviews DNS infrastructure to ensure Internet based services are highly responsive and available.