IT systems are compromised everyday. Whether the intent was malicious or accidental the sytems are ultimately affected. In some cases the damage is obvious with system performace affected or systems that are unstable or unavailable. More often security breeches are undetected for long periods of time. The less obvious are usually the most critical and therefore damaging. If your company deals in confidential information (especially regulated industries such as health-care, HIPAA), then a regular security audit is necessary. Another misconception is that all security compromise is a direct "inward" attack from viruses, internet hackers, etc. Many times the security breech has occured from "within" the company, again either intentional or accidental.

There are mutiple tools and processes already created within the security community by such orginazations such as the SANS (SysAdmin, Audit, Network, Security) network. Tsaba Networks will use these standards and tools, such as checklists, developed by such orginisations during our audits. We will also use a variety of system tools, such as port scanners, auditing software, and others to accomplish our tasks.

Our approach:

Physical inspection of all network equipment.
Physical inspection of all computers.
Software scannning of the network including routers, servers, firewalls, operating systems, patches, account policies, registries, etc - for potential or known security "holes"
Complete review of all policies and proceedures including: email, remote access, passwords, physical access, backup procedure, contingency plans, etc.
Using software tools we will perform internal and external attack and penetration testing.

Once we have completed our audit, our network engineers will provide a written report of our findings and recommendations. The report will categorize your vulnerabilities into risk categories of Critical, High, Medium, and Low and sorted according to specific area. Our report will also offer solutions to the identified security risks. Potential solutions fall in the following categories:

Re-configuration of network to create an isolated zone\DMZ
Re-configuration, installation, or upgrade of virus protection software.
Change to a configuration setting.
Installation of a software patch.
Implementation of a new procedure.
Employee training in prevention and monitoring.
Installation or upgrade of hardware.
Installation of monitoring, scanning, or intrusion detection devices or software.

Tsaba Networks has the ability to review corporate assets as well as individual assets where required.

Print this window