Security Assessment
NetUnity believe it is vital to gain the assurance that the systems in place are
effective and functional by proactively reviewing and testing them; that
electronic corporate assets should undergo regular security assessment, together
with the supporting policies and procedures. This assurance is essential for the
organisation, its partners, stakeholders, auditors and clients and will ensure
many of the associated risks can be managed, mitigated and eliminated.
Taking an inventory of the organization's security assets and processes is an
essential ‘first step’ in the assessment process. Our focus on deliverables
ensures that the client obtains value for money at this fact-finding stage of
our partnership.
NetUnity's Security Assessment is focused on three key deliverables:
Deliverable 1: Current State Report on Privacy and Security
Deliverable 2: Gap Analysis and Recommendations
Deliverable 3: Compliance Project Plan and Cost Estimate
Additionally, our clients may request additional assessment services:
Deliverable 4: (Optional) Implementation of Remediation Project Plan
Deliverable 5: (Optional) Training
NetUnity provide a full range of security assessments from security policy audit
to application testing; from vulnerability reporting through to full
exploitation. Our assessment services are available through one-off, quarterly
or monthly contracts.
Security Policy and Process Audit
NetUnity will review operational documentation for compliance against appropriate
standards – for example BS7799/ISO17799, HIPAA or FSA requirements. The
practical procedures and systems implementing the policies will also be assessed
if desired.
External Penetration Test
NetUnity will identify and analyse the most exposed risks to your organisation
through an external security review of your infrastructure.
Internal Security Assessment
NetUnity will identify any and all known security issues within the target environment by
testing the systems from multiple network points. In testing the systems from
various internal locations NetUnity can provide a realistic view of the absolute
security of the environment. This evaluates the likely impact and extent should
any compromise occur, and mitigates against the ‘hard shell, soft centre’
security model.
Firewall Security Assessment
NetUnity will focus on various aspects of the firewall configuration and response. The
purpose of this assessment phase is to determine how secure the hosting devices
are and whether the deployment/configuration adheres to security best practices.
NetUnity examine the bespoke and proprietary applications and human interfaces present.
Web and other applications provided for customer or partner use are frequently
found to be inadequately secured, exposing the organisation to attack – even
when the underlying servers, firewalls and security systems are fully secured
and configured.
Wireless/RAS Security Assessment
NetUnity apply established security principles in testing the design, deployment
and impact of wireless networking – be it WiFi (802.11b etc.), GPRS, Bluetooth,
HomeRF or other emerging technologies. The NetUnity approach examines wireless
security by analysing the wireless technology itself, assessing the
configuration and security measures on the clients and infrastructure, and
reviewing the impact of the wireless technology on the environment as a whole.
Where appropriate, NetUnity will search for unauthorised access points within
the target environment.
Telephony Security Assessment
NetUnity understand the key areas of concern include fraudulent use or disruption of
internal telephone exchanges, compromise of sensitive information through
voice-mail insecurities and attacks on the IT infrastructure or phone systems
where they intersect, for example with Voice over IP (VoIP). Through exercises
such as War Dialling – the systematic testing of each phone number within an
organisation’s domain – authorised and unauthorised access points to the
corporate infrastructure can be identified and analysed. NetUnity’s security
testing methodologies can and have been deployed against the latest and emerging
telecommunications technologies, including assessments against 3G, GPRS, GSM and
WAP infrastructures and services.