Internet Security Testing
Devices with access to the Internet are a potential open door. Maximus Impact Security Consulting provides vulnerability assessments during which it closely maps the network architecture, examines all open ports, hosts and services with access to the Web, and ensures that these devices are secure.
Defensive thinking gathers information such as domain names, IP network ranges, operating systems and applications to identify the systems on the network, how they are related, and the services that are exposed through open ports (such as HTTP, SMTP and terminal services). Once open ports and attached services are identified, Maximus Impact Security Consulting determines whether each service has been updated with the most recent patches and identifies other vulnerabilities located within the exposed services.
In addition to conducting vulnerability assessments, Maximus Impact Security Consulting performs more rigorous penetration tests in which the information gathered from its assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network.
Following all vulnerability assessments and penetration tests, Maximus Impact Security Consulting uses the information it gathers to prepare a thorough vulnerability analysis and offers recommendations for strengthening network security.
Intranet Security Testing
While outside threats must be guarded against, businesses must also protect against potential threats from within their own networks. Using many of the same techniques and procedures as for Internet Security Testing, Maximus Impact Security Consulting provides Intranet risk assessment and analysis to protect against the potential threat posed by insiders.
Depending on the client’s needs, intranet testing can be performed by Maximus Impact Security Consulting under varying degrees of disclosure of network information from the client, for example with or without network accounts.
Web Application Assessment
This assessment examines what services are being offered on Web-based portals and e-commerce applications to look for potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. Maximus Impact Security Consulting can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. Maximus Impact Security Consulting also conducts source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web.
Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. Maximus Impact Security Consulting tests database integrity to determine whether any vulnerability may compromise this sensitive information.
Internal control structure is critical for accurate financial reporting in any organization. Today’s rapidly changing IT environment and corporate governance laws, such as the Sarbanes-Oxley Act and SAS 94, have many organizations paying more attention to their IT internal controls. Maximus Impact Security Consulting can ensure that your organization has effective controls, which is key to creating and protecting value and preventing financial and reputational loss. Effective controls mean more than just regulatory compliance – they provide the platform for revenue growth, protect margin and ensure assets are appropriately secured. Whether your organization is a large multinational or a fast-growing SME, we can work with you at all points of controls evolution.
Maximus Impact Security Consulting provides training seminars to IT professionals and employees with access to sensitive information to better educate them about the risks of social engineering and how to prevent themselves from falling prey to ruses posed by competitors or malicious intruders. These seminars are dedicated to preventing human error from undermining an otherwise robust information security infrastructure.
Physical Security Testing
Access to confidential information can often be obtained by simply gaining physical access to company premises. Maximus Impact Security Consulting conducts on-site surveillance to assess physical security and uses social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system.
Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. Maximus Impact Security Consulting evaluates how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, to ensure the security of the network, Maximus Impact Security Consulting examines the enterprise infrastructure for unencrypted or standard WEP-enabled access points that may be vulnerable.
Social Engineering Assessments
Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. Maximus Impact Security Consulting is the premier consulting firm in its ability to identify weak links in the security chain through exploitation of human vulnerabilities. Maximus Impact Security Consulting leverages its expertise in this field to expose what is often the weakest link in the information security apparatus: the human element.
Once individual or systemic weaknesses are identified, Maximus Impact Security Consulting recommends procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment uses tactics intended not only to gain confidential information, but also to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information.
In addition to preventing future attacks, Maximus Impact Security Consulting can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has been compromised, and mitigate potential damages from the intrusion.