The key tests and analyses conducted as part of a security audit are:
- Penetration tests — depending on the agreed scope, tests are run using network analysis tools. These tests are used to determine the role of devices, their positions in the system topology, and their impact on other elements, as well as to understand the principles and mechanisms by which they cooperate with security systems or other systems that provide services and support. Such tests may be applied to hardware network ports in order to detect potential security vulnerabilities in the available services. They can also include “denial of service” techniques and tools that exploit discovered security flaws.
- A topology analysis of the entire system — enables an evaluation of the security of the whole system, especially the choice of technologies and mechanisms used to support interconnections with external networks.
- A security analysis of the hardware configuration — allows us to estimate the vulnerability of individual devices to attacks exploiting weaknesses of operating systems and their configurations or of the applications they provide.
- An analysis of the compliance of hardware configuration and operation with security policy guidelines — this test verifies the actual, current condition of the element and compares it with the condition assumed in the relevant Security Policy document.
- An application vulnerability analysis — detects weaknesses in applications (as well as in the systems they communicate with, e.g. databases) and their vulnerability to known attacks, using the application interfaces available to regular users.
- An application code analysis — verifies the way the code was written and the security of the functions it uses.
- System implementation verification — tests the correctness and quality of implementation of systems or telecommunications solutions as well as their compliance with best engineering practices, design guidelines or other documents that specify the operating framework and principles. It also includes an OP-LOCAL test.
- An application topology analysis — estimates the security level of an application, taking into account its design, its operation and other elements such as its interaction with its environment.
- Periodic audits — periodic monitoring of the security level of selected system elements, as well as verification of the effectiveness of security measures against current threats.