Network Security audit is an important tool for any organization in order to understand the precautions taken against the everyday security risks. Quite often many technical solutions have been deployed in order to fix a specific security problem, but due to misconfiguration or lack of understanding of the technology or the problem trying to be solved, only limited value is gained from the solution.
Through the extensive experience gained by the KBITS senior technical team, we can offer a holistic view of the network security implemented in an organization. Our Network Security Assessment can be used as an important planning tool in addressing identified issues and handling security objectives at hand. Following is the methodology for Security Assessment:
Data Gathering & Project Set up:
1. Review of the project assumptions.
2. Detail the list of IP addresses to be scanned.
3. Arrange to configure (IDS/IPS) to accept the originating IP address.
4. Optional scan using User credentials.
5. Contact information for both parties.
6. Plan the scans including time-of-day.
Scanning Tools Set-up:
Configure vulnerability scanning tools for ‘Safe’ mode.
Conduct Vulnerability Scans:
Perform an in-depth scan of the IP addresses provided and any optional User credential scans to identify security weaknesses and vulnerabilities.
Vulnerability Research & Verification:
1. Verify all vulnerabilities discovered.
2. Identify false positives.
3. Determine the potential impact of exploited vulnerabilities.
4. Prioritize remediation efforts.
5. Generate specific recommendations for remediation.
Report Creation & Project Close-out:
1. Deliver a final report.
2. Scheduled project close-out teleconference.
3. Ensure full understanding of the recommended remediation actions.
4. Facilitate an effective knowledge transfer.