Infrastructure

When deploying a brand new platform, or when checking that an existing system environment is being adequately maintained, an infrastructure security assessment is essential in validating that no vulnerabilities or weaknesses exist that could be used to compromise organisational information assets.

Infrastructure testing involves exploring the weaknesses in the design, implementation and configuration of networks and servers. It underpins application testing by ensuring that the foundations that applications reside upon are suitably secure. Infrastructure security testing ensures that a platform or estate has enough security controls in place to offer the defence-in-depth needed to fully protect the information assets.

It is vital that networks are built to best practice and that they are properly patched and maintained. An infrastructure test finds vulnerabilities and weaknesses in the deployed software and its configuration. Our service will guide you to successfully address these, resulting in a safe and secure environment.

An infrastructure security assessment usually comprises one or more of the following elements:

  • Network Vulnerability Assessment – a review of each network subnet that makes up the platform to identify the devices, operating systems and network applications, and whether any vulnerabilities exist that could be used to compromise the confidentiality, integrity or availability of information assets;
  • Inter-network Communication Analysis – where segregation exists between different subnets within the platform or estate, a review is undertaken of the protocols, ports and services that are permitted between them. This provides assurance that the network security is operating as expected and that it is not possible to communicate between the various segments comprising the architecture, demonstrating suitable defence-in-depth;
  • Configuration Reviews – conducted from the console or a retrieved configuration from a server, network device or firewall, a configuration review ensures that a number of areas that cannot be assessed over the network are correctly set up and appropriately configured. Some of the areas that are covered include patches and hotfixes, user accounts, logging / auditing and security settings. A configuration review provides increased assurance that the components comprising the estate are suitably locked down (hardened) and maintained on an ongoing basis;
  • Firewall Rulebase Reviews – a step-by-step audit of a firewall rulebase to ensure that the rules are in line with the platform’s business requirements. Unnecessary or weak rules will be identified and highlighted, accompanied by practical remediation advice to improve the level of network security.
    The resultant report gives executives an overview of the effectiveness of the platform's information security, and gives technical administrators a checklist that can be used to provide increased levels of assurance with regard to their environment.

The return on investment an organisation can expect from commissioning a network infrastructure review is a greater understanding of the current levels of assurance of organisational information assets within a platform, and a view of the current technical vulnerabilities and weaknesses that can form the basis of an effective remediation programme.