Uncategorized

Infrastructure Risk Assessment

RiskSek provides a Holistic View of the Risk associated with your On-Premises Infrastructure using our Intelligent Risk Assessment and Scoring Approach.

On-Prem Infrastructure Security

Focuses on configuration review and risk associated with your On-Premises Security Infrastructure components.

Scope of Assessment

We review the configuration of

  • Network Firewalls
  • Intrusion Detection Systems
  • Proxy Filters
  • Privilege Management Systems
  • Data Loss Prevention Systems

Topics in Scope

Review Firewall Rules and Configuration

  • Review access to unnecessary ports to the systems
  • Review access to unnecessary rules
  • Ensure proper network configuration is in place

Review Intrusion Detection Policy

  • Review policy to ensure that proper rules in place to detect traffic to Command and Control Systems, Rogue outbound traffic, traffic anomalies
  • Tuning and Performance optimization

Review Proxy Filter Rules

  • Review web filtering rules for authenticated users
  • Unauthenticated access permissions
  • Performance optimization

Review Privilege Management Systems Configuration

  • Discovery of Service Accounts
  • Management of Privileged Entitlements

Review Data Loss Prevention System Policy

  • Review policy to ensure proper detection in place for data leaks, sensitive information leaks, intellectual property leaks
  • Review Data Classification as per organization defined standards

Approach

  • Sign NDA
  • Understand the scope and infrastructure
  • Receive a copy of rules or policies or access the devices in Read-Only mode
  • Start review

Leave a Reply

Your email address will not be published. Required fields are marked *