Case Study : An Internal IT Health Check of a Major Upgrade to a Defence Application
Digital Assurance was engaged by IBM to provide an independent review of a major upgrade they had designed for a critical application provided to the Armed Forces. The application had recently been updated to operate on a thin-client model based on a Citrix infrastructure. Such a major update required reaccreditation with relevant accreditation authroity prior to operational use, so that assurance could be gained that the information security model of the application had not been compromised.
We conducted a comprehensive security assessment of the platform, investigating the new infrastructure across all layers of the OSI model. Digital Assurance reviewed the network architecture, the build of UNIX, Windows and network devices within the architecture, as well as reviewing the Citrix application itself and custom code (a Windows DLL) that had been implemented to handle a Single Sign On (SSO) mechanism.
Digital Assurance delivered a comprehensive report outlining the findings of the assessment, a list of vulnerabilities and realistic controls that could be implemented to mitigate the risks.
References for this project are available on request