Kryptec.net performs a multi-tiered assessment that reviews all aspects of the infrastructure. Most tests uncover only internal and external electronic threats, but a comprehensive test looks at all functions of a network.

 

Macro Environment

 

--Documentation Review

--Policies and Procedures

--Diagrams

--Inventory Counts

--Employee Use

--Third Party Vendor Management

 

Network Infrastructure

 

--Internal Network Vulnerability Testing

--Penetration Testing Gateways & Remote Sites

--Network Inventory Scans and Validations

--False-Positive Reduction Assistance

--Third-Party/Vendor Security Analysis

--Network Topology Review

--VPN and Remote User Connections

--Security Countermeasure Review

--System OS and Service Fingerprinting and Classification

--Phone Line Review

--Administrator Privileges Compliance Testing

 

 

Reports

 

--Executive/Board Level Summary

--Technical Staff Reports

--Regulatory Compliance Report

--Core Engineering Team Review of Results

--Offsite Consultation and Remediation Strategy

 

 

Security Assessments

Our approach to security assessments takes into account a broad range of factors. During the initial visit, we outline the processes and begin to collect any existing documentation. Following this meeting, a project scope and schedule are developed and agreed upon by all concerned parties. Based on this schedule, Kryptec.net engineers then perform non-invasive traffic and host scanning. All possible steps are taken to make this process as transparent as possible. Some security firms choose to avoid the impact on the network by scanning during nights or weekends, but we have found that this can lead to incomplete or inaccurate data. To reduce the occurrence of false positives, Kryptec.net uses multiple tools and comparative analysis.

 

In addition to the scans, questionnaires are submitted to both the IT department and the client user base to give a subjective indicator of the various attitudes and knowledge sets regarding computer security.

The next stage is to locate any wireless access points that might reside on the network. This is another important element in any assessment, because open and unknown wireless access points are often easy back-door targets into a network. If an attacker gains access through this type of entry point, the network's perimeter security devices can be bypassed.

 

Perhaps the most important step in achieving a secure environment is the establishment of policy and procedure documents. These are not meant to be stagnant; instead they are dynamic documents that can adapt, change or improve with proper care. It is important to keep these documents relevant and succinct. An important stage in any assessment is to review any existing documentation, and in this case we analyze the policies and procedures, network diagrams and IP address schema lists. Recommendations are included for remediation and mitigating efforts.

 

"Kryptec.net has helped the organizations that I have worked with on a multitude of network security solutions, compliance, and RSA Security Solutions. They are definitely a valued partner within the Credit Union arena." - J.Christopoulos, Camino Federal Credit Union