CS Security - Leading the way in security

Do you know the current vulnerabilities of your networks, servers and databases?

Our security audit is designed to answer the specific question: how can your employees, external individuals or systems gain access to information they should not have in your private network?

We take a multiphase approach to answering this question:

	Perform an internal network and system assessment
	Perform an external Internet vulnerability assessment
	Review your Internet security systems and their policies such as the firewall and IDS systems
	Review your security policy and how well it has been implemented with the network security solutions you have put in place

The majority of security breaches still occur from within a company. Your employees already have access to your network and data. How can they get to restricted areas on your network? For example, your typical user may have access to the main file server, printers, and the Customer Service application server. How could they get access to your financial server by exploiting vulnerabilities in the network or network operating system? Do they need an ID and password on the financial server or could they simply "listen" to the network traffic with a simple "sniffer" they download from the Internet bypassing ALL your security measures? Our comprehensive internal network review will help identify and provide solutions to those areas which can be exploited by a disgruntled employee.

Our Security Engineers act like a hacker trying to access your network resources through the Internet. Our goal is to identify vulnerabilities or weaknesses in your systems that are accessible to the Internet.

The Security Engineer will also perform a review of your firewall, router and other Internet security systems you may have in place for such things as:

	Version and patch levels to make sure you are running the appropriate versions for your environment
	Report on any known system vulnerabilities in the systems you are running
	Review specific configurations and rule sets to identify weaknesses in the implementation of your security policy

They will also perform a review of your security policy. Does it cover the basic areas of network security? Is it documented and distributed to your employees on a regular basis? Do your employees sign a security statement acknowledging that they have received, read, and understand the corporate security policy? Are your current security solutions effectively implementing or upholding your security policy? These are the types of questions we ask during our review.