Audit Stages

Security Audit

A security audit is a manual or systematic, measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to systems. Automated assessments include system-generated audit reports and the use of software to monitor and report changes to files and settings on systems. Systems can include personal computers, servers, mainframes, network routers and switches.

Security services and audits are essential in the defence against attacks such as the following.

Protocol Abuse Attack

Defend against IP Spoofing, LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, IP Option, IP Fragment Control Packet, TCP Label Validity Check, Large ICMP Control Packet, ICMP Redirect Control Packet and ICMP Unreachable Control Packet attacks.

Web Attack

Defend against HTTP Get Flood, HTTP Post Flood, HTTP Head Flood, HTTP Slow Header Flood, HTTP Slow Post Flood, HTTPS Flood and SSL DoS/DDoS attacks.

Scanning and Sniffing Attack

Defend against Port Scanning, IP Scanning, Tracer Control Packet, IP Option, IP Timestamp and IP Routing Record attacks.

DNS Attack

Defend against DNS Query Flood attacks from real or spoofed source IP addresses, DNS Reply Flood attacks, DNS Cache Poisoning attacks, DNS Protocol Vulnerability Exploits and DNS Reflection attacks.

Network-layer Attack

Defend against SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, UDP Fragment Flood, NTP Flood, ICMP Flood, TCP Connection Flood, Sockstress, TCP Retransmission and TCP Null Connection attacks.

SIP Attack

Defend against SIP Methods Flood attacks.

Mobile Attack

Defend against DDoS attacks launched by mobile botnets, for example AnDOSid, WebLOIC and Android.DDoS.1.origin.

Botnet Traffic Blocking

Block the control traffic of botnets, active zombies, Trojan horses, worms and tools such as LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest, Thc-ssl-dos, YoyoDDOS, IMDDOS, Puppet, Storm, fengyun and AladinDDoS, and block C&C DNS request traffic.

Feature-based Filtering Blacklist

HTTP/DNS/SIP/DHCP field-based filtering and IP/TCP/UDP/ICMP/Other Protocol field-based and load feature-based filtering.

Right time for right choice

Reviews are very important because we need to establish which configurations already exist and ensure that no important configuration is overlooked, such as spoofing protection, blocking of open SMTP relays, filtered IP addresses for remote access, VPN configuration, VLAN configuration, and measures to avoid layer 2 attacks based on ARP spoofing for traffic sniffing.

Other Security Services