  • Did you know that most organizations still use IIS 6 and 7, which are vulnerable to public exploits?
  • Did you know that 90% of organizations never update Java because of application dependencies?
  • Did you know that 95% of organizations never thought of updating the Flash plugin installed in their browsers?
  • Did you know that 65% of organizations still use 123456 as their password?
  • Are you aware that local admin credentials can be stolen from end-user systems by using Pass-The-Hash (PTH) attacks?
  • Did you know that most organizations have not configured NTP on their network devices, making it difficult to identify the attack trail from an audit log?
  • Did you know that most organizations have not fine-tuned their web gateways / IDS / IPS to get the best results?

Configuration Review and Infrastructure Hardening

Most network devices are configured to run the business without regard to security. A configuration review helps you identify the gaps on network devices such as routers, switches, firewalls, WLAN controllers, load balancers or any other technology implemented on the network, and configure them securely to prevent an external attacker from traversing the network. Infrastructure hardening is the process of tuning all network devices and servers to increase security and help prevent unauthorized access. We will ensure that hardening standards are in place and in line with industry benchmarks, and that your servers are patched and configured to comply with these standards. We have rich experience in hardening all flavours of Linux, Windows servers and database servers. Apart from hardening servers, we can help you harden network devices, including but not limited to firewalls, routers, switches, load balancers, web gateways and spam filters. This ensures that your network devices are secure and play their role without any security misconfiguration, thereby reducing internal attacks too.

In this assessment, we perform an exhaustive review of the configuration of each network device. This covers devices such as the web gateway solution, spam filtering solution, identity and access management solution, VPN gateway, wireless LAN controllers and many more. Since the network device components in place differ from organization to organization, this is a completely customized assessment based on the existing configurations and their gaps against standard best practices:

Admin consoles: we check whether the admin consoles are configured with default passwords, how session timeouts are configured, and how many users have access to the admin console and whether that access is monitored. A weakness here could allow an attacker to reconfigure a network device completely and create a backdoor within the network.

Encryption is important to ensure the confidentiality of information. We identify weak SSL cipher suites used by the device for secure connections or for secure storage of device passwords within the device. Weak cipher suites could expose the device to a collision or birthday attack.

While performing a firewall configuration review, we do a rule base review of the firewall rules and verify and evaluate the connections permitted between the trusted and untrusted networks. Weak firewall rules would allow an attacker to perform sophisticated attacks without being detected. There have even been incidents where weak firewall rules led to successful data exfiltration from the internal network.

If the system time configured on the network devices is not in sync, the device logs are rendered useless in a post-incident forensic investigation. Even normalization and correlation of device logs across the network is only possible if the time configured on all devices is in sync with an NTP server.

Management of network devices is performed by configuring the SNMP protocol. We evaluate whether the configured SNMP community strings are left at the defaults "public" or "private", and whether these community strings are sufficiently complex. Once the SNMP community strings are compromised, an attacker would be able to gain access to the entire device.

The network device's firmware may be out of date and vulnerable to several OS-level exploits. An attacker may exploit these vulnerabilities to gain root-level access to the device and create a backdoor into the internal network.

We evaluate whether backups are configured for the device. Regular device configuration backups and restoration tests are necessary to ensure that the device is up and running again after an incident.
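The checks listed above (default admin passwords, session timeouts, weak ciphers, NTP, default SNMP community strings and configuration backups) lend themselves to automation. As an added example that is not part of the original page or of any product, the following script audits a constructed, Cisco IOS-style running configuration and reports which review items fail; the sample config, the finding codes and the weak-cipher and default-password lists are assumptions made for illustration.

```python
"""Audit a network-device running config for the review items above."""
import re

# Constructed sample configuration (IOS-like syntax, not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username admin privilege 15 password 0 cisco
snmp-server community public RO
snmp-server community private RW
ip ssh version 2
ip ssh server algorithm encryption 3des-cbc aes128-ctr
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

# Assumed lists for illustration; a real review would use a fuller catalogue.
DEFAULT_PASSWORDS = {"cisco", "admin", "password", "123456"}
DEFAULT_COMMUNITIES = {"public", "private"}
WEAK_CIPHERS = {"3des-cbc", "des-cbc", "rc4", "arcfour"}


def audit_config(config: str) -> list[str]:
    """Return finding codes (hypothetical labels) for the configuration text."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    for line in lines:
        # Local admin account with a well-known / default password.
        m = re.match(r"username \S+ .*password \d+ (\S+)$", line)
        if m and m.group(1).lower() in DEFAULT_PASSWORDS:
            findings.append("DEFAULT_ADMIN_PASSWORD")
        # SNMP community string left at a default value.
        m = re.match(r"snmp-server community (\S+)", line)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(f"DEFAULT_SNMP_COMMUNITY:{m.group(1)}")
        # Weak encryption algorithm offered for management sessions.
        if line.startswith("ip ssh server algorithm encryption"):
            weak = WEAK_CIPHERS.intersection(line.split()[5:])
            if weak:
                findings.append("WEAK_CIPHER:" + ",".join(sorted(weak)))
        # "exec-timeout 0 0" disables the management session timeout.
        if line == "exec-timeout 0 0":
            findings.append("NO_SESSION_TIMEOUT")
        # Cleartext management protocol enabled on the VTY lines.
        if line.startswith("transport input") and "telnet" in line.split():
            findings.append("CLEARTEXT_MGMT_TELNET")
    if not any(ln.startswith("ntp server") for ln in lines):
        findings.append("NO_NTP_SERVER")      # logs cannot be correlated
    if not any(ln.startswith("archive") for ln in lines):
        findings.append("NO_CONFIG_ARCHIVE")  # no automatic config backup
    return findings
```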