SecureState performs several high-level and technical assessments to expose potential misconfigurations, poor server placement, and overall design flaws. Identifying exposures to the organization’s network involves two approaches. The first consists of in-person interviews and discussions to understand the network, together with a review of network documentation. The second consists of validation testing that SecureState performs in certain areas to follow up on the interviews and design diagrams.
SecureState begins the review by assessing the network devices currently in place. Network devices are the core of any network and allow communication between systems. They are often the points an attacker will target in order to cripple the overall network or, if stringent security restrictions are not applied, to sniff and steal sensitive information without ever being detected. During this section of the project, SecureState will review the firewalls and IDS/IPS solutions that protect the organization’s overall systems and networked devices (e.g., routers and switches), as well as identify how the network is designed and implemented.
SecureState will review the current Demilitarized Zone (DMZ) implementation to expose potential gaps in security. DMZs protect an organization’s internal network and sensitive systems by providing a padded layer of security for externally connected devices. Many times, companies place servers within the DMZ and allow multiple connections inbound to the internal network. This type of setup generally makes it easy for a malicious attacker to cross between zones.
Next, SecureState will review the client’s Internet-facing systems in order to identify the current exposure. SecureState will not perform any type of vulnerability identification or external penetration test in this portion, but will identify what services are exposed and what threats may be apparent.
SecureState will also review the overall segmentation of the network to ensure that devices are located in appropriate zones, and that higher security zones are handled in a more rigorous fashion than normal production zones. Both the ingress and egress directions are reviewed. For the highest security zones, such as those dealing with cardholder data, each allowed traffic flow must be traceable back to a business requirement.
Finally, SecureState will review the hardening techniques currently in place. Attacks generally occur when no Minimum Security Baselines (MSBs) or patch management programs and policies are implemented. MSBs are the front line against all attacks and provide additional steps that can be performed to harden systems. SecureState will offer recommendations for improvements, but will not develop hardening techniques for each individual system, as this is outside the scope of this project. The adoption and implementation of these recommendations as they apply to specific systems are left to the customer.