Our approach to security sets us apart from others in the field: as well as identifying areas of concern or exposure, we recommend pragmatic ways forward for improvement based on industry best practices. Occasionally the issue may be in a specialist area where business software application vendors or manufacturers need to advise on or resolve it. Normally, however, with certified technical expertise in Microsoft server and application technologies, in many areas of networking and firewalling, and in web hosting, software and database development, we can advise on resolving many technical and process exposures and, more importantly, propose pragmatic solutions that are relevant to small and medium-sized businesses.
The relevance of pragmatic reviews to small and medium-sized businesses is often of key importance to our SMB clients, and as a Microsoft Small Business Specialist, Microsoft Certified Partner and Cisco Small Medium Business Specialist, we know the SMB area very well.
Security review reports
We combine and complement our expertise with our computer-assisted audit tools, including vulnerability scanning tools. Although we will discuss client requirements and customise our review appropriately, our security reviews typically evaluate:
• Information Classifications.
• Who, or what entities, are dependent on the security of systems.
• Impact of breaches.
Infrastructure Topology & Configuration
• Security measures in server & systems architecture.
• Network Topology; separation and firewalling.
• Infrastructure located.
• People identified and authentication.
• Data controlled.
Application/database configuration and architecture
• Separation of data.
• Hardening procedures for applications and databases.
• Access tied to roles.
• Approval process.
• Traceability of users/administrators.
• Visibility of access.
Authentication and Authorization
• Technologies used in authentication.
• Password or authentication complexities.
Remote Access/VPN Access
• Encryption levels used.
• Systems accessibility via Remote access.
• Change management in place.
Updates, Patching, and Anti-Virus
• Methods employed to keep systems current
• What AV software is in use, where employed, and frequency of updates
Monitoring and Logging
• Network, Database, System, Application Logging
• Intrusion detection
Disaster Recovery, Business Continuity Planning
• Data backups
• Documented & practiced DR & BCP plan
• Non-production environments
• Computer usage
• Appropriate training.