Assessment Services
Matta internal network auditing services are scoped and proposed on an entirely
bespoke basis. Please contact us if you wish to enquire about internal auditing
and assurance services.
Network Security Assessment (NSA)
An NSA is what was typically known as a Penetration Test. The consultant
assesses a number of hosts, whether they be servers, routers, Citrix farms,
or other devices with IP addresses. In this kind of assessment, we are
looking to determine which services are running and visible, and whether they
are patched and up to date. We will also look for mis-configurations
at both the OS and service level, and check regular issues such as whether
default passwords have been used, or the level of password strength as applicable.
Assessments can be run externally or internally, and when external, are typically against
a DMZ which comprises the hosts publicly visible on the internet.
Application Security Assessment (ASA)
An ASA is now as common as an NSA where companies have custom-written applications,
especially when those applications are available on the Internet. The purpose
of the ASA is to determine if an application is susceptible to attack. Application
attacks are very common, and take, amongst others, the following forms:
- SQL Injection
- Cross-Site Scripting
- Privilege Escalation
Software developers typically have not been trained in secure development
methods, and consequently, it is not unusual for Matta to discover significant
issues when conducting application assessments.
Wireless Security Assessment (WSA)
If your company is running wireless equipment, then an assessment at
least once per annum is advised. Configuration issues are the key
problem with wireless, along with authentication design and integration
into your LAN. Even an otherwise secure installation that misses one tick
box in the configuration script can result in a wide-open network.
Server Audit / Forensic Audit
Server Audits are internal, done physically at the server with administrator
access. They are sometimes called Forensic Audits, because it is
a process we often also use when doing incident response.
Server Audits are non-blind because we need to be given administrator
privileges on the host. These audits are carried out on systems which
are either critical in function or carry critical data. The purpose
is to determine, as far as is possible, whether a server has existing
integrity, that is, it has not been subject to attack or compromise,
and to advise on how to harden and secure the host in every area, including
log configuration, system configuration, user and administrator rights,
ACLs, registry settings, etc. It involves two phases:
- Data Collection
- Analysis and Reporting
The Data Collection phase is reasonably quick and is done on-site. The
data is then taken away and analysed off-site, and a comprehensive report
is generated.
Firewall Rules Audit
All business-class firewalls, such as Check Point, Cisco, or WatchGuard
firewalls, have rules which establish which services should be filtered, incoming
and outgoing. Misconfigured firewalls, or firewalls with rules that conflict
or don't match established policy, are picked up during a firewall audit. Typically
a ruleset is dumped out to text, zipped up in an encrypted file and sent to
us.
The matrix below represents the typical way in which Matta is engaged on projects. There are other ways to carry out these kinds of assessments, but these are some typical scenarios.
Assessment Type        Internal / External    Blind / Non-Blind
Network                Both                   Both
Application            External               Non-Blind
Wireless               External               Non-Blind
Server Audit           Internal               Non-Blind
Firewall Rules Audit   Internal               Non-Blind