Polski Polski    English English

Your security is worth checking!

You are here: HomepageServices › Network technology audit
Services
Newsletter

If you want to subscribe newsletter please add your e-mail address.


Network technology audit

We offer one of the most comprehensive computer auditing services in the country and the world. Auditing includes investigation of existing technical mechanisms, constituting the main, technical protection of your company's resources for activities of directly acquiring data.

Network technology audit includes among other things:

  1. Review and network analysis
    Network review is usually the introduction to a more precise analysis of systems. This part is based on a combination of methods, security information and mechanisms allowing determination of the amount of systems and computers which will be able to be subjected to analysis and further tests without violating legality and continuity of activities.

  2. Scanning ports and services
    Scanning ports is an invasive method of auditing open ports on remote machines. The module is oriented both to auditing accessible services on remote systems, as well as the resistance and propriety of the activity of network barriers and other elements of network protection. On each network system there can be as many as 65,536 ports of various network services, including P2P services.

  3. Identification of accessible services
    These methods include active auditing of applications "hiding" under detected open ports determined in part 2. In some cases it can even happen that more than one application corresponds to one port. A good example here is PHP installed for the use of WEB applications, where the monitoring service is the HTTP server and a component of the PHP interpreter application.

  4. Identification of systems
    Part of this specification enables determination of the version of operating systems of access hosts through the analysis of replies to queries sent (OS fingerprinting).

  5. Analysis of susceptibility
    The goal of this part is finding, identifying and verifying weak points and errors in the configuration and therefore of the susceptibility of hosts to threats from the network.

  6. Testing of router activity
    Routers limit traffic between the internal, protected environment and the Internet network. This module is used to confirm that only accepted blocks have network access, while all others are rejected.

  7. Testing reliable systems
    The goal of conducting tests on reliable systems is to check the influence of the introduction of "foreign" units to the existing network and also the reaction of existing network mechanisms in the event of the introduction of these units.

  8. Testing firewalls
    A firewall is usually a system assuring basic protection between the company network and Internet network. This module is used to confirm that to the network only has access to accepted packs??blocks???, while all others are rejected.

  9. Intruder Detection Systems (IDS)
    These tests check the activity and sensitivity of intruder detection systems (IDS). Most audits cannot be performed without access to IDS logs.

  10. Testing Content Protection Systems (antispam, antivirus)
    Tests of this kind are used to check the activity and detection of malicious codes and software. The identification of security mechanisms and security policy requirements is necessary.

  11. Password breach
    Tests of this type allow verification of password strength, particularly of weak cryptoalgorithms and detection of unsafe passwords used by workers.

  12. Denial of Service tests (DoS)
    Denial of service is the situation in which an intentional or unknown activity makes access to services performed by the remote system impossible. These tests do not include distributed denial-of-service (DDoS), because it ALWAYS causes problems not only for the remote system but also other network-related devices.

  13. Safety policy review
    This part regards the security policy, representing how the use of specialist technologies lowers the risk connected with activities of the organization. Verification is subject to agreement with formal policies of practical protection in real networks of the company.


Expected results, among other things:
  • acquiring list of names and IP addresses of active computers in the network
  • count of remote operating systems
  • determination of system administrators and their owners
  • listing of systems providing illegal services
  • internal verification of the IP address pool used
  • listing of network and system weak points
  • determination of application types and services under threat
  • determination of the efficiency of IDS systems in high traffic conditions
  • determination of the efficiency and statistics of the system for its normal work
  • determination of the efficiency and statistics of systems for work under excessive pressure

© 2012 BTC Sp. z o.o. All rights reserved.
Site Map | Privacy Policy | About BTC | Contact