Phortress Security Services providing up to date advice and
intelligence on IT security issues.
Our Services include:
Lost password recovery
Recovery of password information from:
Servers
Desktop PC
Laptop PC
AppleMac
locked files and folders
Also recovery of passwords from network devices
Data Recovery
We can recover data from Hard drives, CD’s, Flash drives, Floppy disks.
We also provide a service for RAID/NAS, SQL data and File data recovery as well as AppleMac image files and iPod recovery.
Security testing
An IT vulnerability assessment on any outside connections to your institution will test your defenses against thousands of known utilities and techniques from the ever-growing hacker community. The result is a preventative report that will identify the severity of the deficiencies in your network defenses and a comparison with other institutions’ results. Regularly scheduled IT vulnerability assessments are an essential component in your information security program.
Network Intrusion testing
External Risk Vulnerability Assessment & Penetration Testing specifications:
Phortress Assessors will conduct an ERvA & Penetration Test using methodology which conforms to Information Systems Audit Standards. Phortress will conduct an examination of the potential vulnerabilities to the perimeter network to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorised access that could have potentially catastrophic and costly consequences.
Phortress will conduct an examination of the potential vulnerabilities to the perimeter network under the premise of a “Zero Knowledge Attack”. This methodology includes gathering publicly available information about given IP/ranges and/or domain names(s). This includes searching public records and websites available on the Internet to discover potential security exposures. In addition, physical sites, systems and applications will be probed in order to identify potential security weaknesses and later perform penetration testing against them.
Each engagement is unique and Phortress will dynamically introduce attack methods relative to the vulnerabilities identified. Our attacks are designed to mimic the actions and techniques of a real hacker. Penetration and vulnerability assessments will include but not be limited to the following:
E-Mail Server(s)
Internet/DMZ Servers
Local and Wide Area Networks
Physical Security
Telecommunications
Network OS Services & Patches
User Profiles
Firewall & Router Configurations
Virus Protection Software
Review Network Security Configurations
Covert Network scanning
Manual service probing
Overt network scanning
30,000 CGI abuse scans
SQL Injection testing (If applicable)
Firewall Penetration
Brute Force access
Email account harvesting
Internet Information Gathering
HTTP and HTTPS Scanning
Custom scripting attacks
Man-in-the-Middle attacks
Mail messaging system auditing
Port Scanning
Ping Sweep & Trace Routing
Open Source Search
Network Vulnerability Scanning
Social Engineering
Denial of Service
Application and Banner Grabbing
Server Identification
DNS Zone Transfers
Network Reconnaissance
Enumeration of Servers
Modem Inventory
Network Vulnerability Scanning
Password Auditing
UDP/TCP Scanning
NetBIOS Null Sessions
The Final Report will include a security table ranging from Severe to Low with recommendations for remediation. Recommendations may include but are not limited to the following: Sample configurations, Patch and service pack recommendations, Training – Technical and/or Security Awareness, Best Practice and Vendor specific recommendations. Full documentation of our work will be maintained and printouts of such work are included as part of the Final Report. Upon completion an Exit Interview will be scheduled with the Client’s internal review committee.
Internal Risk Vulnerability Assessment (iRvA) Specifications:
Phortresswill conduct a iRvA (Internal Risk Vulnerability Assesment) using methodology which conforms to Information Systems Audit Standards issued by the Information Systems Audit and Control Association.
Phortress will conduct an examination of the potential vulnerabilities to the internal network to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorized access that could have potentially catastrophic and costly consequences.
A typical IRvA engagement may include ANY OR ALL the following assessment tasks:
Blindly determine the internal IP address scheme for all internal networks
Identify all devices on the internal network
Scan and Document all ports and services for all network targets
Exploit existing vulnerabilities
Join security domain and perform network reconnaissance
Perform comprehensive Security Posture Analysis
Review and document the presence of Malware, Spyware and Virus activity
Employee Workspace Reconnaissance
Review of Data Network Security Policy
Review of Physical Security
Identification of The Client Wireless networks
Enumeration of Wireless Networks and Client Nodes in the expected area of the implemented wireless Network
Penetration testing of discovered networks belonging to or operated by The Client
Email Social Engineering attacks
Physical reconnaissance utilising Social Engineering (Impersonations)
War Dialing for voice and data
Policy Review of Best Code of Practice and Disaster Recovery plans
The Final Report will include a grading ranging from Severe to Low with recommendations for correction.
Security training & Working practices
Training staff to be aware of security issues regarding personal and business data.
Secure data movement
Transfer of data files from one location to another by secure courier
Guaranteed data destruction
A choice of absolute data deletion or absolute drive destruction
Network monitoring
Track what is happening on your company network, track program installations, removal of memory or just watch what employee’s are doing on their screens.
Email security & tracking
Emails are important, but how often does someone say they never received it.
We can help you to be assured of email delivery and even let you know when it was opened. We can also track if the email is forwarded to any other parties.
|
