AUDYTY BEZPIECZEŃSTWA

SECURITY AUDITS

Security audit is a detailed cybersecurity- penetration testing service, consisting in the control and analysis of IT systems, the purpose of which is to most accurately determine the security status of the indicated IT system and the organization's IT security policies.

audyty_bezpieczeństwa

AUDITS OF NETWORK DEVICES

Analysis for: Brocade, Cisco, Juniper Networks, Huawei, HP, Extreme Networks.

General analysis of security rules and configuration. Analysis of the software version in terms of known vulnerabilities.

Analysis of device access configurations, device management methods, protocols used, access lists.

Analysis of event logging mechanisms, system event logging, transferring events to external systems.

Review of users obtaining access to a device, access rights granulation, administrative profiles, cooperation with external systems for authentication, authorisation and processing.

Analysis of the configuration of security rules in terms of ACL rules and best practices.

Analysis of software update mechanisms and security functionality signatures.

AUDITS OF SYSTEM
AND APPLICATION CONFIGURATION

These audits are intended to verify whether the existing configuration of software used on an organization's infrastructure components is secure.

 

The configuration files of all the services used by a given component are subject to tests to gauge the level of protection they provide. We check if particular services are isolated from one another and from the operating system at the level of access permissions so that in case of a security breach the risk of the whole system being intercepted is minimized.

Moreover, the tests cover all the other, peripheral services operating on given machines in terms of security, as well as their overall usefulness. The latter frequently proves negligible while having negative impact on security.

We perform configuration audits based on our signature expert approach relying on best market practices, CIS Security Benchmark, DISA STIGs, as well as OSSTMM and PTES standards.

The audit includes the following components:

  • Interview with the person in charge of the infrastructure component being scrutinized

  • Analyzing the architecture of the solution where the audited component is used

  • Verification and analysis of the configuration of infrastructure components

The scope of the audit may cover such components as:

  • Network devices: switches, routers, firewalls, access points, printers / multifunction devices

  • Operating systems: server / desktop / mobile

  • Servers: database / application / DNS / mail

  • Cloud components

  • Software

  • Virtualizers

audyty_konfiguracji_systemów_i_aplikacji
audyty_kodu

AUDITS CODE

The audit aims to analyse in detail internal application mechanisms in terms of security as well as to identify the vulnerabilities which may be tricky to detect without the source code.

Code analysis enables in-depth understanding and review of application sub-systems, such as authentication, access control, integration with a database, etc. This solution offers the highest precision.