DL specialists and experts from Security firms will evaluate system based on CIS Security Benchmarks, this is a recommended standard used in the required systems which tightens security issues from moderate to high. The systems we carry out are diverse, catering to the diverse needs of our customers.
I. Items to be assessed
- Operating System
- Check for Updates, Patches and Security Softwares.
- Check for FileSystem Configuration (Ext3, NTFS).
- Check for OS Services.
- Check for Sepecial Services.
- Check for Logs and Auditing Services.
- Check for Network and Firewall Configuration.
- Check for the Issue of System Authentication and System Authorization.
- Check for the Accounts and the Environments.
- Check for warning configurations about permission.
- Check for System Maintenance Services.
- Check for OS levels.
- Check for FileSystem Permission.
- Check for Log.
- Check for general issue related database.
- Check for Data Access Control.
- Check for Customized Configurations.
- Check for SSL Configurations.
- Check for Backup and Recovery Configurations after Disaster.
- Web Server
- Check for Web Server Installation Process.
- Check for OS Configuration and Access Management.
- Check for the Securiry Configurations of Web Source code Storage Folder.
- Check for Authentication Configurations and Encrytion Solution.
- Check for SSL/TLS Configurations.
- Check for Logging Configurations.
- Check for System Backup Configurations.
- Check for remote access configuration and update source code content.
- Network – Security
- Check for device access requirement (AAA, Access rule, Banner rule, Password….)
- Check for device management requirement (Clock, Service, Log, NTP….)
- Check for data transmission requirements
II. Evaluation Process
Experts evaluate the target system testing by injected methods, collected data system network and exploted testing the security vulnerabilities supposedly existing in the target network. The whole process is performed in 05 categories including: Data Collection, Data Scanning, Automatic Exploit, Manual Exploit, and Analysis/Reporting.
- Data Collection
- Collect domain name, IP Lists, Access System, Server System….
- Collect Business Model, Email Information, DNS, rDNS
- Data Scanning
- Perform a proactive scan of the network and servers collected in step 01
- Scan IP, service port, protocol used
- Scan the version using system services
- Automatic Exploit
- Exploit vulnerabilities in the system with automated tools
- Attack on external and internal network system
- Perform an active eavesdropping on connections in the system
- Make a Hijack to the connections in the system
- Exploit into the proactive service
- Manual Exploit
- Perform an analysis of the automatic results and write a manual exploit if necessary
- Combine the different exploitation methods to deep attack into the system
- Analysis and Reporting
- Note the entire performance process
- Make general report, analyse the system security level.
DL IT INVESTMENT CORPORATION
- Address: 152/32 Thanh Thai, Ward 12, District 10, HCMC
- Telephone: (84-28) 62650735 - Fax: (84-28) 62650734