Security health checks
Effective perimeter security solutions consist of a number of components which have been successfully integrated. These include an access router and a firewall to provide base security, along with a number of ancillary systems such as mail relay and web proxy services which enhance the solution.. The security specialist must balance security risk against user flexibility in order to deliver a coherent solution. There are a number of problem areas involved at the perimeter security level:
- Poorly defined security policy. If the security policy itself is inadequate, its implementation onto the perimeter security solution will leave potential security loopholes.
- Inadequate software/hardware solution. Even if the policy has been well defined the products chosen to deliver the policy may be inadequate. The policy may need to be "bent" to allow the software to function, or a hidden fault in the software may mean that the policy is not correctly implemented.
- Inadequate skill level of installation engineer. A mis-configured perimeter security solution represents one of the most common security problems. The software solutions are only as good as the installation. Even assuming a successful installation there are a number of ongoing issues:
- Security policy "creep". Perimeter security requirements may change over time. Each time a change request is generated there is a risk that this will contradict the initial security policy, and may be installed by less experienced personnel than the original solution.
- New security issues. New alerts and problems spring up all the time and can affect a perimeter installation. These may require software patches to be installed in order to maintain a complete solution. A regular external penetration test will help to discover the security holes that are inadvertently created by one or more of the above issues.
A test will use many known hacker techniques to attempt an entry into the network. It can also attempt denial of service attacks which could be used against the network. The specific tests run can be tailored for a particular test. Our testing uses a strict methodology to ensure exact replication. A report of results will be generated at the end of the test. All reports are held in an encrypted format to protect the sensitive data held within.
An initial penetration test should be carried out immediately after installation. If problems are found then these should be repaired and a second test carried out to verify this. In addition an on-site audit by a third-party will validate the security policy and the rules employed by firewalls and other perimeter security solutions. Penetration tests should then be carried out at regular intervals (eg quarterly) and after any major change at the perimeter security. These should include hardware and software. For instance a replaced access router may be incorrectly configured and thus leave a security hole.
