A security audit is a manual or systematic, measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating-system access controls, and analyzing physical access to systems. Automated assessments include system-generated audit reports and software that monitors and reports changes to files and settings on systems. Audited systems can include personal computers, servers, mainframes, network routers and switches.
Defend against IP Spoofing, LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, IP Option, IP Fragment Control Packet, invalid TCP flag combination (TCP Flag Validity Check), Large ICMP Control Packet, ICMP Redirect Control Packet and ICMP Unreachable Control Packet attacks.
Defend against HTTP Get Flood, HTTP Post Flood, HTTP Head Flood, HTTP Slow Header Flood, HTTP Slow Post Flood, HTTPS Flood and SSL DoS/DDoS attacks.
Defend against Port Scanning, IP Scanning, Traceroute (Tracert) Control Packet, IP Option, IP Timestamp and IP Record Route attacks.
Defend against DNS Query Flood attacks from real or spoofed source IP addresses, DNS Reply Flood attacks, DNS Cache Poisoning attacks, DNS Protocol Vulnerability Exploits and DNS Reflection attacks.
Defend against SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, UDP Fragment Flood, NTP Flood, ICMP Flood, TCP Connection Flood, Sockstress, TCP Retransmission and TCP Null Connection attacks.
Defend against SIP Methods Flood attacks.
Defend against DDoS attacks launched by mobile botnets, for example AnDOSid, WebLOIC and Android.DDoS.1.origin.
Block the command-and-control traffic of botnets, active zombies, Trojan horses and worms, and the traffic of attack tools such as LOIC, HOIC, Slowloris, PyLoris, HttpDosTool, SlowHTTPTest, THC-SSL-DOS, YoyoDDoS, IMDDOS, Puppet, Storm, fengyun and AladinDDoS; also block C&C DNS request traffic.
Filtering on HTTP, DNS, SIP and DHCP protocol fields; on IP, TCP, UDP, ICMP and other protocol header fields; and on payload signatures (feature-based filtering).
Configuration reviews are essential: they establish which protections already exist and ensure that none is overlooked, for example anti-spoofing rules, blocking of open SMTP relays, source-IP filtering for remote access, VPN configuration, VLAN configuration, and protection against layer-2 attacks such as ARP spoofing used for traffic sniffing.
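The flood, scan and spoofing categories listed above (SYN Flood, ICMP Flood, Port Scanning, IP Spoofing) and the anti-spoofing item in the review checklist can be made concrete with a small detector. The following is an added example written for this page, not code from any product or vendor mentioned here. It runs the per-source heuristics an anti-DDoS device applies over one analysis window: a SYN flood is a source that sends many SYNs that it never completes with an ACK, a port scan is a source that probes many distinct destination ports, an ICMP flood is a high ICMP packet count, and a spoofed source is a private or bogon address arriving from the Internet side. The thresholds, the Packet record layout and the sample traffic (RFC 5737 documentation addresses) are all assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Thresholds are illustrative assumptions for a short analysis window, not
# values taken from any product's configuration.
SYN_FLOOD_MIN_SYNS = 50         # SYNs from one source before completion ratio is judged
SYN_FLOOD_MAX_COMPLETION = 0.2  # at most this fraction of SYNs followed by a completing ACK
PORTSCAN_MIN_PORTS = 20         # distinct destination ports probed by one source
ICMP_FLOOD_MIN = 100            # ICMP packets from one source

# Source ranges that must never appear on packets arriving from the Internet;
# seeing them is the classic sign of a spoofed source (RFC 1918, loopback, link-local).
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # 0 for ICMP
    flags: str   # TCP flags as letters ("S", "SA", "A", "R"); "" for non-TCP


def analyze(packets):
    """Return a list of (finding, source_ip, detail) for one analysis window."""
    syns = defaultdict(int)             # SYNs sent per source
    completing_acks = defaultdict(int)  # bare ACKs (handshake completions) per source
    ports = defaultdict(set)            # distinct destination ports SYN'd per source
    icmp = defaultdict(int)             # ICMP packets per source
    findings = []
    spoofed_seen = set()

    for p in packets:
        src = ipaddress.ip_address(p.src)
        if any(src in net for net in BOGON_NETS) and p.src not in spoofed_seen:
            spoofed_seen.add(p.src)
            findings.append(("spoofed_source", p.src, "bogon source on external interface"))
        if p.proto == "tcp":
            if p.flags == "S":
                syns[p.src] += 1
                ports[p.src].add(p.dport)
            elif "A" in p.flags and "S" not in p.flags:
                completing_acks[p.src] += 1
        elif p.proto == "icmp":
            icmp[p.src] += 1

    for src, n in syns.items():
        completion = completing_acks[src] / n
        if n >= SYN_FLOOD_MIN_SYNS and completion <= SYN_FLOOD_MAX_COMPLETION:
            findings.append(("syn_flood", src, f"{n} SYNs, {completion:.0%} completed"))
        if len(ports[src]) >= PORTSCAN_MIN_PORTS:
            findings.append(("port_scan", src, f"{len(ports[src])} distinct ports"))
    for src, n in icmp.items():
        if n >= ICMP_FLOOD_MIN:
            findings.append(("icmp_flood", src, f"{n} ICMP packets"))
    return findings


def build_sample_traffic():
    """Constructed traffic for one window; addresses are documentation ranges (RFC 5737)."""
    target = "198.51.100.10"
    pkts = []
    # Legitimate client: three handshakes to port 443, each SYN followed by an ACK.
    for _ in range(3):
        pkts.append(Packet("192.0.2.5", target, "tcp", 443, "S"))
        pkts.append(Packet("192.0.2.5", target, "tcp", 443, "A"))
    # SYN flood: 200 SYNs to port 80 that are never completed.
    pkts += [Packet("203.0.113.9", target, "tcp", 80, "S") for _ in range(200)]
    # Port scan: one SYN to each of 40 ports.
    pkts += [Packet("203.0.113.77", target, "tcp", port, "S") for port in range(1, 41)]
    # ICMP flood: 150 echo requests.
    pkts += [Packet("203.0.113.200", target, "icmp", 0, "") for _ in range(150)]
    # Spoofed source: an RFC 1918 address arriving from outside.
    pkts.append(Packet("10.0.0.5", target, "udp", 53, ""))
    return pkts


if __name__ == "__main__":
    for kind, src, detail in analyze(build_sample_traffic()):
        print(f"{kind:15} {src:15} {detail}")
```

The completion ratio is what separates a SYN flood from a legitimate burst: a busy client that opens sixty connections and finishes every handshake is not flagged, while a source that opens two hundred and finishes none is. Real devices evaluate these counters per sliding window and per destination as well as per source, and apply the bogon check only to the external interface, since private addresses are normal on the inside.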