Introduction

For the past nine years, IT Matrix Ltd. has focused on Information Security Services
and, in partnership with leading Information Security consulting firms, has executed
numerous Information Security projects, including Risk Assessment, Application Security
Review, Penetration Testing, InfoSec policy and procedure, ISO 27001 certification,
and Security Architecture review. IT Matrix Ltd.’s proposed solutions and services
are based on a thorough understanding of our clients’ business needs, requirements
and objectives.

IT Matrix has executed more than 100 penetration tests and many other security services
(Risk Assessments, Security / Configuration Analysis, Systems Hardening, Vulnerability
Assessments, etc.). These services were delivered by IT Matrix’s local resource bank
and its business partner.

Penetration Testing

A Penetration Test models specific threat scenarios against a network and its supported
services. IT Matrix’s testing imitates a malicious attacker with a specific goal
(e.g., “compromise a host in our DMZ,” “access the corporate database,” or “break
into a custom application”). The Penetration Test provides insight into methods
of attack against a network. It is a point-in-time reference. The assessment is
performed either blind or informed. Informed penetration tests are the most cost-effective
for short-term engagements.

Application Code Review

Application Code Review helps find flaws and initial development mistakes and improves
the quality and security of an application. Issues such as buffer overruns/overflows,
backdoors, default passwords, common vulnerabilities, and identification and
authentication flaws can be eliminated.

Security Assessment

The Network Vulnerability Assessment provides a thorough understanding of security-related
weaknesses and exposures in networks. IT Matrix’s assessment uncovers and resolves
known and potential vulnerabilities in operating systems, firewall configurations,
and third-party applications and services such as web servers and application servers.
This service identifies point-in-time network vulnerabilities. The Network
Vulnerability Assessment, when combined with architecture-level assessments, forms
a vital part of a plan to ensure network security.

Security Configuration Review / Audit

Configuration Review / Audit is performed using professional analysis tools and
interviews with IT/IS staff members. Overall security and configuration gaps are
identified by analyzing the information gathered through these tools and interviews.
As part of this service, we find over-privileged accounts, weak passwords, and excessive
permissions on servers, applications and network devices, and report all findings
with suggestions, recommendations and remedies.

Secure Build

There are many aspects to Information Security, a number of which can be resolved
by having one standard secure build for servers, workstations and devices. Not only
does this improve security, it also significantly reduces maintenance cost, allows
easy regression testing of upgrades and patches on one build, and reduces the
introduction of malicious code.

Human error in all forms is a major security risk: from introducing unauthorized
software and turning off virus scanners to not performing backups of critical data
or leaving machines logged on. All of these are reduced with one secure standard
build.

System Hardening

A Host Hardening Assessment reviews the current security configuration of a deployed
system and yields information and settings that reflect the best-practice security
configuration for a host. This assessment is for systems currently deployed with
an unknown or out-of-date security configuration. This contrasts with a Secure Build
Review, which yields recommendations for a secure build procedure before a system
is deployed.