|
Security best practice recommends that organisations secure their
infrastructure with Firewalls, Proxies and Content Scanners. In addition,
infrastructures should be monitored with Intrusion Detection and Prevention
Systems, and logs should be reviewed, with event analysis and pattern
correlation being performed.
Security does not stand still. New vulnerabilities and exposures are
announced every day, and as a consequence, a system that is secure one day, can
be unsecure the next. Security best practice urges organisations to
"test" their infrastructure with both Vulnerability assessment and
Penetration Testing services being conducted as frequently as possible.
Penetration Testing services will provide documentary evidence about the
environment's strengths and weaknesses. In addition, where an exposure exists,
a Penetration Test will arm an organisation with the information needed to
remove the risk, whilst also improving the overall topology for the future.
|
|
Report recommendations typically include details on website coding changes,
configuration changes, topology changes, and the implementation of new security
controls. Advice and guidance is then provided on how this should be fed back
into the organisation's security policy, with improved security and monitoring
services being implemented thereafter.
Without a comprehensive testing programme, an organisation will not stay
abreast of the IT Security landscape. Vulnerabilities, exposures and weaknesses
are constantly being unleashed, and environments that remain untested will be
susceptible to viruses, hackers, and data theft. As a consequence, legislative
controls such as Sarbaines Oxley, ISO 27001, FSA and PCI DSS, have made
Penetration Testing a de-rigour component of an effective security policy.
To find out more about how Nettitude can help you with your Security Testing
requirements, please complete our contact form, and a Consultant will respond to
your enquiry.
|