|
Managed
Security Services
For companies that are
struggling to get up to speed on information security, Gray
Hat Research Corporation offers a comprehensive group of
services designed to maintain existing policies and shore up
defenses against specific threats. If an organization is
experiencing consistent hacker probes, denial of service
attacks or other well-aimed assaults on its information
systems, Gray Hat Research is available to troubleshoot the
immediate problem, put specific preventative measures in
place, and assist in attempts to identify, apprehend and
prosecute the offenders. Rather than serve as a “Lone
Ranger” who disappears once the trouble is past, Gray Hat
Research Corporation strives to educate information
professionals in its practices to create a more effective
defense against future attacks. In many cases, this training
is part of Gray Hat Research Corporation’s comprehensive
managed security package.
Information Security
Assessments
As threats increase, more and
more businesses are making information security assessments
a standard practice. A well-informed organization can more
competently demonstrate a concern for the value of their
assets. In addition, conducting an assessment allows an
organization to establish parameters for their security
program that are relevant and accurate.
Gray Hat Research Corporation
offers its clients the opportunity to establish an internal
benchmark for information security through a comprehensive
assessment of their existing security position. Information
security assessments allow companies to understand how their
prevention, detection and mitigation measures compare to
their own standards, and to the standards for their
industry. The results of the assessment give businesses the
leverage they need to accomplish their operational
objectives through the implementation of the most applicable
technologies and processes.
Wireless Network Auditing
Wireless networking (WiFi)
technology is one of the most misunderstood and least secure
computer services available. Whether authorized by the Chief
Information Officer or installed without approval by a
enterprising employee, this technology opens a company to a
plethora of vulnerabilities.
Gray Hat Research Corporation
performs WiFi related audits, including identifying
unauthorized or unsecured access points, confirmation of
proper security configurations, measurement of signal
strength, and statistical analysis of network activity. By
locating access points installed for legitimate or for
malicious use, Gray Hat defines the boundaries of a wireless
network’s impact on the company. Measuring the signal
strength establishes who can see the network, and
understanding the network’s security configuration will
determine who is able to access it. Trend data and
statistics will indicate when and how the network is being
used, and provides insight into possible fraudulent or
malevolent activity.
Remote Access and War
Dialing Audits
Remote access services (RAS)
allow employees to connect to corporate assets (networks,
intranets, etc.) through modems or via their personal home
internet service. With a username and password, employees
can conduct company business via telecommuting, and in the
case of network administration, technicians can perform
certain computer services and tasks without actually being
onsite.
The policies and technologies
that govern these activities will determine whether a
company successfully prevents the compromising of their
assets. In cases where one or both factors are neglected, a
company is vulnerable to either psychological attacks,
(i.e., a hacker posing as a frantic executive needing
immediate access to a network), or war dialing efforts. War
dialing is a computer hacker attack using software to dial a
predetermined number of telephone numbers to locate active
computer modems.
Gray Hat Research Corporation
examines a company’s practices to determine how easily a
hacker or corporate enemy can gain access through both
physical and electronic avenues. Similar to a wireless
network audit, electronic and human access points are
examined, not only for vulnerabilities, but for
opportunities for abuse of assets (i.e., an employee
downloading obscene material to a home computer using the
company internet access) and trend reports to determine when
and how those assets are being utilized. A comprehensive
understanding of the existing remote access services
empowers a company to implement realistic controls and
policies that support telecommuting and remote
administration without providing excessive opportunities for
misuse.
Penetration Testing
Corporations today face any
number of vulnerabilities. Card reader doors that don’t
lock. Improperly configured network devices. Disgruntled
employees. Many of these weaknesses go undiscovered until
they are exploited by a malicious individual or group. Gray
Hat Research Corporation tests the limits of a company’s
defenses by adopting the mentality of the top 10% of all
hackers or corporate espionage agents.
In addition to attempting to
compromise a network, Gray Hat Research Corporation has the
resources to perform physical security tests to determine
how vulnerable “special access areas” really are. The
results of these tests will reveal to a company what
measures are working, what vulnerabilities exist in those
measures, and how to mitigate the associated risks. These
penetration attempts are conducted based on predetermined
criteria, which range from covert (posing as an employee, a
vendor or a delivery person) to extremely overt (scaling
walls, picking locks, etc.
|
