Security Analysis
Foursys Network Security Assessments provide a comprehensive review of your organisation’s information security. Using industry standard methodologies our consultants will perform a series of assessments designed to discover areas of concern in your infrastructure, procedures and policies.
Our customisable assessments include a series of network audits, procedural and policy reviews, as well as interviewing staff and assessing end-user security awareness. The results are presented in a clear and concise report, and provide advice to help remediate any vulnerabilities discovered.
Every Foursys Security Test can be customised to address your specific concerns, to find out what your organisation needs to do in order to improve security.
Business Benefits of a Foursys Security Assessment
-
Think like the enemy - Identify vulnerabilities from the perspective of a malicious or “black hat” attacker
-
Ensure compliance with regulatory standards such as the Data Protection Act
-
Ensure that due care is demonstrated by your organisation and its directors
-
Help to preserve your brand and reputation
-
Protect against data loss leading to potential legal action
-
Provide reassurance that your staff are working to best practices
-
Help highlight areas that can be improved using your existing security products licenses and technology in order to achieve return on investment
How much will it cost?
Foursys can explain which areas can be covered and for what cost. So even if budgets are tight but a concern has arisen around an aspect of information security, then a security assessment can help identify any problem or risk and provide the practical recommendations that you need.
Foursys Network Security Assessment - External Test.
- External security assessment of public facing systems
- Full port scan of all devices
- System fingerprinting
- Identify vulnerabilities within firewalls
- Assess for vulnerabilities in common services (HTTP, SMTP, VPN etc)
- Identify potential backdoors and mis-configurations
- Test IDS/IPS systems
- Clear written report with prioritised recommendations
- Free re-test once problems remediated
 |
You can be confident in the expertise of the security consultants who carry out the analysis on your network as many have passed the Certified Ethical Hacker course. |
-
Foursys Network Security Assessment –Internal Test
-
The Foursys internal assessment is an in-depth analysis of your existing security measures. There are three levels of assessment, each of which can be tailored to suit your specific requirements.
| Level 1 | Level 2 | Level 3 | |
| Clear written report with prioritised recommendations |  |
|
|
| General Assessments (Including basic wireless, account security) | |
|
|
| Detailed port scan (limited network cross section) | |
||
| Detailed port scan (large network cross section) | |
|
|
| Patch audit (limited network cross section) | |
||
| Patch audit (large network cross section) | |
|
|
| Gateway configuration and testing | |
|
|
| Endpoint testing and configuration | |
|
|
| Event Log Analysis | |
|
|
| Policy and procedural checks | |
||
| Infrastructure Review | |
||
| Physical security tests and checks | |
||
| (AD) Password Audit | |
User awareness & Social engineering can also be undertaken and added to any of the above packages (customisable to your specific requirements)
General Assessments
Your Intrusion Prevention System is active, your top of the range firewall has been installed, and all of your computers are encrypted. But what about the rogue wireless access point or the administrator account with the weak password?
It is not uncommon to get lost in the detail and overlook something apparently basic. Which is one of the key reasons to have an external organisation assess your security. Foursys consultants will perform a series of basic but critical assessments to detect such problems.
Detailed Port Scan
Often vulnerabilities are exploited on systems running unnecessary or unknown applications. For example, a user with administrative rights may have installed an Apache web server on the personal computer for testing or as part of a package. Ad-hoc services such as this are often left un-patched and are therefore vulnerable to potential attack. Foursys will report on all services running on your network so you can be sure that only authorised and managed services exist, resulting in a reduced attack surface.
Patch Audit
Exploits resulting from un-patched vulnerabilities in operating systems and applications are common but easily preventable. Foursys will perform two separate audits of your patch compliance to ensure that your in-house procedures for patching are effective.
Gateway configuration and testing
Content filtering at the gateway is a common way of preventing the delivery of infected emails and preventing access to infected websites. Foursys will test your gateway devices and configuration to ensure that they are effective both at blocking inbound threats, and preventing internal users from bypassing them or avoiding detection.
Endpoint testing and configuration
Foursys will audit the configuration of crucial endpoint components, such as anti virus, to ensure they’re providing effective protection. Reporting information provided in management consoles can often be incomplete or inaccurate, so testing the endpoint directly frequently reveals unknown vulnerabilities before they are exploited. Results from these assessments can also be compared to best practice guidelines, and those provided by software vendors.
Event logs analysis
Foursys can perform a degree of event log analysis across windows servers to identify security related issues from account lockouts to duplicate SIDs.
Policy and procedural checks
How would your team react to a virus outbreak? Are your password policies effective? Foursys will work with you to discuss and review your policies and procedures and provide advice based on industry standards and our own experience.
Infrastructure review (Network configuration , Directory Service review)
Incorrectly configured security or incorrectly configured security solutions can lead to back doors and holes within your network architecture (including DNS/active directory/account permissions etc.).
Foursys network security assessments can help identify and mitigate against these using our detailed analysis.
Physical security tests and checks
Be it an attacker entering through an unprotected door and using a computer, or a trusted staff member accessing your datacenter, inadequate physical security can render your technological protection worthless.
Basic physical security controls can help protect against data loss, hardware theft and unauthorised access to your infrastructure. Foursys will review your physical security and highlight any potential weaknesses.
User awareness & Social engineering (customisable to needs)
Would a user divulge their password over the phone? Would a member of your helpdesk ask for it? It is often said that employees are the weakest link in security, and if you’re concerned that the answer to either question above could be “yes”, than Foursys can help to assess the problem.
