Identifying IT security risks
Securing IT starts with the identification and analysis of IT security risks. After all, organizations must be aware of the IT security risks they are taking due to weak spots in their IT security. IT security is only as strong as its weakest link. Madison Gurkha has developed a broad range of services to help you improve your IT security level. With these services the total technical IT security of an organization can be investigated.
Madison Gurkha delivers the following services for identifying IT security risks:
- Technical IT security audits
- Social engineering
- Security policies & baselines
- Security assessments
With these technical IT security audits we can research various risk-bearing areas such as:
- (Web)applications (including code inspection)
- Extranets
- Portals
- Standard applications
- Demilitarized Zones (DMZs)
- Internal Networks (LAN)
- Wide Area Networks (WAN)
- Firewalls
- Dial-in Networks
- WiFi Networks
- RFID
Several methods can be applied to investigate these areas with Technical IT Security Audits:
Black Box Security Audit
During a Black Box Security Audit, Madison Gurkha has limited information regarding the targets. In a predetermined amount of time (also known as the time-box principle) we try to find as many weaknesses in the (web)application and/or IT infrastructure as possible.
Grey Box Security Audit
During a Grey Box Security Audit, Madison Gurkha has access to test credentials like user names and passwords. Because of this, we can investigate whether the correct authorizations are implemented within an application. For example, can user A access the data of user B? With the Grey Box method we can also investigate an internal network. What can an average user do within a company network that this user should not be allowed or able to do?
Crystal Box Security Audit
During a Crystal Box Security Audit, Madison Gurkha has access to all information needed. Functional, technical and architectural design documents are all accessible beforehand. In the case of applications we can even have access to the source code, which will be subjected to inspection. When we are auditing infrastructures we thoroughly investigate the hardening of the servers, the set-up of firewalls and the settings of devices.
Penetration test
Of all security audits, the penetration test, also known as an ethical hack, appeals most to the imagination. A penetration test looks a lot like a Black Box Security Audit but is essentially different. With a penetration test we try to find and exploit one weakness to fully penetrate a DMZ or LAN. Any other weaknesses are of secondary importance. The main point is to show what a certain security problem can lead to. Penetration tests are commonly used to show the seriousness of security problems, to raise awareness and to free up budgets for creating a profound IT security protocol within an organization.
Contact us if you would like to know how Madison Gurkha can support your organization with identifying your (technical) IT security risks.
You are more than welcome to request our brochure for more information about our services.
