Penetration Testing & Network Auditing

The value of an independent, objective evaluation of security over private data cannot be underestimated. With a hypersensitive public that expects their information to be kept private, firms have an increasingly more demanding job keeping up with security let alone technology. The same can be said for having an expert Security Engineer oversee or implement your security program. Only an engineer that focuses on security can provide assurance that you are doing all that is appropriate to protect your confidential data.

IITAC’s network auditing and penetration testing services provide insights into as many application or operating system weaknesses as possible. IITAC offers two methods of auditing: passive network auditing (black box auditing) and aggressive penetration testing. Both approaches ensure that security is a core component, rather than an afterthought, of your infrastructure.

With IITAC’s network auditing and penetration testing services, you can be sure that your critical enterprise applications will maintain maximum uptime and integrity. IITAC audit services is proficient in testing applications across a wide range of organizations, including:

  • IT organizations deploying systems to manage sensitive information;
  • internal development teams rolling out custom-built, proprietary software;
  • and software development companies that want to test their own products.

The Audit - Not an Event but a Process: It must be kept in mind that as organizations evolve, their security structures will change as well. With this in mind, the computer security audit is not a one-time task, but a continual effort to improve data protection. The audit measures the organization’s security policy and provides an analysis of the effectiveness of that policy within the context of the organization’s structure, objectives and activities. The audit should build on previous audit efforts to help refine the policy and correct deficiencies that are discovered through the audit process. Whereas tools are an important part of the audit process, the audit is less about the use of the latest and greatest vulnerability assessment tool, and more about the use of organized, consistent, accurate, data collection and analysis to produce findings that can be measurably corrected.

One of our Security Experts will examine your network(s) thoroughly and document the security vulnerabilities. After the analysis, we will document and provide you with recommendations on how best to secure your network. We can even work with your team to fix each security issue. Our approach is simple. A checklist provides a step-by-step system for inspecting the security of your application. For each item on our checklist we detail:

  • Findings: Whether or not we found vulnerability in your infrastructure.
  • Reasons: The reason why this item is important to the security of your infrastructure.
  • Recommendations: Our recommendations describing what should be done to improve or correct your infrastructure.
  • Remediation: For an additional fee, IITAC can help you implement the recommendations

Benefits for the client

Security loopholes and potential weaknesses that are detected are immediately reported to the contact (if required), together with a proposed solution. This procedure is suitable for iterative network hardening.

We will not issue a “this network is secure” stamp, since no infrastructure is 100% secure. However, it is possible to configure a software product in such a way that the effort involved for a potential attacker is too great to justify the rewards. This is an approach that is also used in areas such as cryptography.

The client receives a comprehensive and substantial final report, including a list and assessment of the remaining risks and suggestions for appropriate countermeasures, thus enabling proactive risk management.