Internet Security Testing
A skilled search for weaknesses that could
expose your corporation.
This service is primarily designed for organizations wishing to
validate the effectiveness of their security defenses. The most
basic penetration test is an examination of your Internet
presence, probing for visible systems, switches, routers, etc.,
and then employing known techniques for breaching security on
the devices. Once attacks are successful, we will attempt deeper
levels of penetration based on previously hidden or protected
portions of the network. Since active attacks are being used,
your intrusion detection systems should detect these tests,
providing you a method for evaluating the effectiveness of your
IDS monitoring and alerting as well. If the penetration tests
are successful, they will provide valuable insight into your
security weaknesses. If unsuccessful, you can be commended and
should sleep a little easier.
A more involved penetration test will include all known
methods for gaining unauthorized access to your environment.
This includes insecure modems, unprotected extranet connections,
Internet vulnerabilities, social engineering, insecure remote
access methods, and other techniques specific to your
environment.
While a one-time snapshot of your enterprise security is
extremely useful, GSTI believes that penetration testing should
be included as a basic element in your overall security plan:
something that is performed frequently, with some degree of
automation, and almost never on an announced basis. Whichever
approach you choose, GSTI has the system and network-level
expertise to carry out a highly effective attack, one you can
count on to uncover your risks.
Vulnerability Assessments
Enterprise Assessment
Your enterprise risk level can only be determined by a
comprehensive evaluation of all security controls, including all
technical factors, as well as policy, daily processes, and other
critical areas. GSTI will go several levels beyond simple
network and system-level vulnerability scanning; we will assess
the entire security posture and provide you with a corrective
roadmap, prioritized based on risk level, cost to implement, and
complexity. You can then either apply the corrective measures
yourselves, or enlist our assistance.
Application Assessment
Application security testing addresses the multitude of
potential vulnerabilities introduced by the recent rise of
web-enabled e-commerce. A web application is software that is
interacted with via a web browser or an agent acting as such. A
typical deployment of such technology involves clients
submitting and retrieving data through the browser, with the
brunt of the processing occurring on the server in any one of
numerous platforms.
Vulnerability scans often will not expose these
weaknesses, as applications may be customized or developed
specifically for exclusive business processes. As such,
automated scanning tools are ineffectual in determining
exposures in such unique environments. A proper security review
requires full understanding and examination of the context and
components of each application.
Components of the review process include buffer overflows,
session management (session hijacking, replay attacks), input
validation (cross-site scripting, SQL injection), parameter
manipulation (cookie, form field, and HTTP header manipulation),
privacy violations (artifacts in browser cache and history),
information leakage (error codes, debug commands, HTML
comments), and misconfigurations (default accounts, sample
scripts).
Product Integration
Anti-SPAM/Anti-Virus Gateways
Even with the large number of malicious attacks today,
computer viruses, worms, and Trojan horses continue to be the
number one security problem. Many organizations have adopted very
strong anti-virus policies and protections at the user level,
but have overlooked some of the most critical components: the
network gateways and the mail servers themselves. Network-level
anti-virus gateways will remove your dependence on the user, and
will stop inbound viruses before they can infect your systems.
They will also prevent your internal users from infecting
external organizations (such as by sending infected mail
attachments). Placing second-layer virus controls on your mail
servers will ensure that viruses introduced internally (such as
from a floppy disk) are not propagated throughout your network
via e-mail.
Firewalls and Intrusion Detection
Organizations with external connectivity, be it Internet
or Extranet, should consider firewalls mandatory. Effective
firewalls can be built using various technologies, including
your existing routers in many cases. Although GSTI is a
value-added reseller of the industry's best firewalls, we also
design architectures that make effective use of your existing
mechanisms. GSTI has real-world expertise in major commercial
environments and will ensure that whatever solution you choose,
the firewall will act as a business enabler, not a bottleneck.
Intrusion Detection Systems (IDS) are highly desirable in
that they can detect hundreds of known security exploits that
can easily avoid detection by your firewalls. It's useful to view
the firewall as the component that restricts traffic to the
minimum necessary (therefore limiting your risk), and view
intrusion detection as the component that will closely inspect
the traffic you do let through (such as inbound web or e-mail)
to ensure that known methods for breaking into your core systems
aren't being employed. If attacks are detected, the IDS can be
configured to react in numerous ways, including an active kill
of the attack in some cases.
Virtual Private Networking (VPN)
Virtual Private Networking is centered on the ability to
create an encrypted session between users and networks, or from
one network to another. The remote users or networks are
normally authenticated based either on pre-shared secret keys,
digital certificates, or one-time password tokens, such as
SecurID. Commonly, a VPN gateway device is installed in the
Internet DMZ (the protected area between your Internet
connection and your internal networks), and is used by remote
users with special software to create highly secure connections
to the work environment. This is an especially strong capability
if your home user has a cable-modem or DSL connection, as they
can take full advantage of their connection speed. The VPN
service will also allow traveling users to connect to a local
ISP POP, eliminating costly long-distance or 800 service for
remote access. A second use of VPNs is to connect geographically
separated business units to one another using the Internet,
which can eliminate the expense of dedicated leased lines in
some cases. GSTI has significant experience in several
industry-leading VPN technologies, and can help you select the
technology, design the architecture, and implement your
strategy.
Security Policy Development
Building the backbone of an effective security program.
GSTI has extensive experience evaluating and writing security
policies, and will ensure they meet your objectives while
remaining useful to the end-user.