- External vulnerabilities
- Internal vulnerabilities
- Social Engineering
- Physical Security
- Security Policies
- Security Training
External vulnerabilities are approached in exactly the same manner that a highly skilled malicious hacker would use in attempting to penetrate a network's defenses. Sage InfoSec's network engineers apply the same hardware, software and techniques to probe our clients' networks.
Internal vulnerabilities are approached from the perspective of an employee, temp worker or contractor who is attempting to access information beyond that which is designed to be available to someone in their position.
Social Engineering is simply a fancy term for lying. Hackers often find that it is not necessary to go through the work of exploiting vulnerabilities in a network when a well-phrased phone call or email will grant them access to the most sensitive information on their target's networks. Sage InfoSec investigates the extent to which our clients' employees fall prey to these frequently successful strategies.
Physical Security is an aspect of Information Security which is all too often overlooked. Hackers know that the easiest means of acquiring the information they are looking for is often to simply physically take it. Key logger hardware placed on a sensitive computer is one approach, though just walking onto their target facility and taking laptops or even servers out the front door can be even more effective. Sage InfoSec tests the ease with which an unauthorized person can enter your facilities. Whether the approach is to 'tailgate' through a checkpoint, use false identification, or sneak into a loading dock with a hand truck, Sage employees will make sure you know how hackers can enter your physical plant.
Many of Sage InfoSec's clients do not have a Security Policy. Others are not enforcing theirs, or need to make amendments and additions to their policies. Sage InfoSec works with our clients to make sure that they have a Security Policy which addresses their needs and protects their information.
With new security policies and procedures should come new training for your employees. Make sure your staff understands your Security Policy and the penalties for violating that policy. Protect your company from Social Engineering on the front lines - make certain your employees are aware of what kind of information hackers are looking for and what techniques they will use to acquire it.
PENETRATION TESTING
Penetration Testing is a thorough examination of the vulnerabilities that exist on a computer network.
Beginning with an assessment of the information freely available on the internet, Sage InfoSec employees look for sensitive information on our client's website (past and present), their employees', ex-employees' and contractors' websites, web forums, and other sources.
Next, we scan our client's networks looking for vulnerabilities: open ports, poorly configured firewalls and routers, servers that have not been properly patched, modems that offer access to the network, computers that tunnel through firewalls to provide virtual private networks and any other avenues of approach to the data your company seeks to protect.
Finally, we exploit the vulnerabilities we find. Making certain that our client is always aware of what we will be probing and when, Sage InfoSec will gain access to our client's networks and explore the extent to which their data is vulnerable.
Our findings are delivered to our clients in two reports: one for IT management, and one designed for executive management. In addition, these reports will be accompanied by a presentation detailing our results, suggesting improvements to the network and allowing for a thorough question and answer period.
NETWORK SCANNING
Network Scanning is the least intrusive form of information security audit that Sage InfoSec offers.
While an automated network scan will reveal some of the more glaring holes in a poorly structured network, such scans can often produce false negatives, and they invariably miss vital openings which malicious hackers often exploit.
For this reason, Sage InfoSec always manually checks the results of all of our scans, going from port to port on our client's networks, making sure that nothing is overlooked.
A Network Scan will never be as comprehensive as a Full Security Audit, but Sage InfoSec endeavors to make certain that our Network Scans provide our clients with invaluable information on the general security of their networks. And, of course, the results of all our Network Scans are delivered to our clients in two reports: one for IT management and one for executive management.
SECURITY POLICIES