What is a security audit?
Asset testing to determine resilience to various types of attacks, the possibility of intrusion from the Internet into a customer’s networks, intrusion into key IT elements of a customer’s internal networks and other specific forms of testing.
What does the audit include?
- Checking the server and desktop infrastructure
- Detecting unsupported systems
- Mapping the currency of critical patches and updates
- Verifying the security of current authentication methods
- The presence and suitability of current anti-virus and anti-malware solutions
- Possible threats stemming from current settings
- Recommending changes according to best practices and current threats
- Checking the network infrastructure (e.g.)
- Management system and mechanisms
- Up-to-date firmware and security mechanisms (encryption type, protocol version, multi-factor authentication)
- LAN access security (open, 802.1x, …),
- Implementation of network protection mechanisms (e.g. protection against loops, unwanted DHCP servers, etc.)
- Revision of FW rules
- Recommending changes according to best practices and current threats
Execution
- Passive
- In questionnaire form
- By checking the settings either by connecting and/or viewing the configuration files
- Active
- OS update check and patches to correct errors in applications and OS (vulnerability scan)
- We also offer penetration testing (paid service)
Do not hesitate to contact us; we will be happy to help!
