NetEx Inc. >>>>>>>>>>>><<<<<<<< Security >>>>>>>>>>>>>>>>>

Security policies are working documents; they should be periodically revised to reflect changing company needs. At the same time, a policy will form a basis for the way changes are made, and define their outer perimeters. Because it is crafted with measured conservatism, a security policy will exert a noticeable tug in the face of excessive change. Not to be mistaken for inflexibility, this is the force of careful planning, exercised across time.

NetEx network security experts can help the customer design, deploy, and manage a comprehensive security solution, from Public Key Infrastructure (PKI)-based services that use digital certificates to the deployment and management of advanced firewalls, IPSec, and more.

NetEx experienced Security Team can provide the support of a customized, robust Internet security solution for customer.

The following lists of services that can help our customer achieve their security objectives:

Network Security Policy and Procedure Development
Network Security Assessment
Network Security Architecture Design
Network Security Penetration Analysis and Ethical Hacking
Network Security Program Management and Staff Augmentation
Physical security, door locks, building access, Biometrics, keyless access, surveillance cameras, etc.
Host-by-Host Audit
Specific Findings
Router
Firewall and VPN
Intrusion Detection Systems
Intrusion Prevention Systems
Web Servers
Data Security
Content Security
Access Security

SMTP and FTP
Denial-of-Service
Network Overview
Perimeter Security
Use of user authentication at perimeter points for access
Protection by encryption
Measures to assure that executables cause no harm
Desktop virus scanning
LAN login security
Desktop security
Personnel records security
Perimeter Security
Out-bound Access
Review current security Policies
Authenticated Access Security
In-bound Content Security
Out-bound Content Security
Logging and Audit Policies
Emergency Response Procedures
In-Bound Access

Technical Approach

Check IP ports for listening processes, attempt to map the internal network, search for weakly configured mail hosts, look for holes in information servers, identify candidates for denial of service attacks. NetEx uses a combination of approaches, including automated probing and hands-on investigation.

Testing (Audit): NetEx will attempt active penetration of customer’s network by planting false domain information, by forcing routes, by impersonating hosts, and by exploiting holes within servers. NetEx will also test vulnerability to denial of service attacks where it looks promising. Note that there is some risk that the second level of audit could be disruptive.

NetEx will plan to reveal weaknesses that it may encounter, regardless of whether it has been technically commissioned to find them. NetEx understands further that its findings are confidential. At the same time, NetEx cannot warrant that an audit, and subsequent corrective actions, will render customer’s network impenetrable.

Additionally, NetEx will precede the audit with an onsite review of customer’s existing architecture, routers and firewall. NetEx may suggest configuration adjustments to harden customer’s network before the penetration audit.