QUICK LINKS Click here for more DAS links

Information Technology

Security Services

Assessment Services

Internal Assessment

Evaluation of network security from an internal perspective. We perform a vulnerability assessment of client systems and networks, finding ways of minimizing security risks within the network. This is especially important because many security breaches actually occur from within the network.

External Assessment

An evaluation of network security from an external perspective. We perform a vulnerability assessment of client systems and networks , especially firewalls, switches and routers, which are the Customer’s main line of defense from the outside world. This assessment includes activities performed from two different perspectives;

Having no prior knowledge of the client’s network
Having some prior knowledge of the client’s network
The scans and analysis are performed from two venues, first from the internet to determine vulnerability from outside the State network and second from the State network backbone to determine vulnerability from other departmental networks.

Quick Hit Assessment

This is a technical evaluation of a single server or device.

Modem Sweep Only

A dial-up assessment. We scan the client’s telephone system to detect the presence of authorized modems. Incorrectly configured modems and unauthorized modems can seriously undermine the network security since they can bypass a client’s main lines of defense; firewalls, switches, routers, and authentication processes.

Password Assessment Only

An evaluation of the strength of passwords and use of default passwords. We can quickly review passwords in the systems selected to verify strong password use or discover weak password use by using of several ‘password cracking tools’. These files remain confidential and in the possession of the client. Weak and default password use should be discouraged since they can quickly provide access to critical systems.

Physical Assessment of IT Assets Only

A security evaluation to check on the measures implemented to physically protect critical systems and access to network components.

Security Culture Assessment

An informal evaluation to gauge the level of employee security practices performed in the client department. Examples of this include checking for workstations left on and unattended, displaying passwords, and allowing unauthorized system access.

Physical Vulnerability Assessment

These assessments determine how secure locations are from an overall physical security perspective of the facility. This includes an evaluation of the client’s security culture, on-site property penetration, and on-site computer accessibility. Reports include applicable recommendations to improve or enhance physical security.