»   Halaman Muka  »  Layanan  »  Information Security

Information Security

Security Audit

A security audit is conducted to assess the overall security of the customer's network. This is done to have an in-depth understanding of the network from a security perspective. This would help the customer identify security loopholes in design, implementation and practices in the network.


A detailed study of network is undertaken. All components including servers,networking devices,firewalls and IDS systems are mapped.


Depending on the network architecture and OS/applications present, a detailed preliminary survey questionnaire is prepared. The questionnaire is designed to capture all the details pertaining to the server or network object to assess the security risks it presents.


Data is collected using pre-defined questionnaires. The data collected is used to analyse the applications and services running on the system. Each application is examined in detail to identify potential insecurities, starting from design and implementation weaknesses to the current version of patches. Operating system security testing includes assessing the current patch versions and review of access control policy, audit policy and disaster recovery policy. The Firewall and IDS systems are audited extensively to find out if experienced hackers can evade them to break into internal network. Social engineering attacks are employed to test the practices and procedures followed by users to safeguard sensitive network information.


A detailed report is presented with all vulnerabilities documented in detail. For each vulnerability, the report would include a brief description, known exploits against the same, the level of skill required to run the exploit and also remedies for fixing the vulnerability. Recommendations are made for long term initiatives to be taken in terms of products and practices to ensure a safe network.