Security Assessment And Audit Policy

Axxera consultants have a proven track record of success and an intimate understanding of the latest security vulnerabilities. With customized analysis tools, our information security consultants are able to identify malicious activities and security vulnerabilities that are often overlooked.

Each relationship begins with a careful assessment of the client’s unique business practices and thorough mapping of the organization’s information technology infrastructure. After identifying the client’s core business needs, Axxera develops a customized information security solution that combines expert consulting with product and service recommendations.

Axxera’s Security Professional Services group operates on the premise that information security solutions must be based on the client’s fundamental business models and processes. Working closely with the client staff, members of our professional services team identify both high-level strategic threats and specific technical vulnerabilities, and suggest solutions to mitigate risk.

Assessment Methodology

Axxera organizes the typical assessment into three phases:

Phase 1: Axxera conducts a zero-knowledge external penetration assessment, evaluating the security posture of the client’s network as it appears to an outsider from the internet. During this phase, a dial-up penetration test is often undertaken. Dial-up testing is conducted to determine the level of risk of intrusion from the public switched telephone network.

Phase 2: Axxera typically undertakes a technical vulnerability assessment of the client’s internal systems with penetration techniques used to validate and demonstrate the presence of vulnerabilities. Internal testing is performed to eliminate the risk of being monitored from the internet and attacked by copycats. In addition, internal testing can identify vulnerabilities that may not easily be found from the external network, but may leave the systems vulnerable to attack from insiders through dial-up, or from future vulnerabilities that come into being with the entry point gateway.

Phase 3: The third phase of the assessment includes a cooperative security review of selected proactive mechanisms. During the cooperative review, Axxera consultants work with the client’s staff to review configurations of network protection mechanisms, including firewalls and routers, to identify additional vulnerabilities that may be hidden by chance or by circumstance. Such vulnerabilities may include rules that permit dangerous connections, but only from selected locations or under selected circumstances. In addition, the cooperative review identifies policies and practices that have permitted the technical vulnerabilities to come into existence. Axxera can not only help to correct current vulnerabilities, but also help to prevent the occurrence of future vulnerabilities.

Axxera examines the sensitivity and value of existing security policies to confirm points of efficacy and develop a corporate security policy if warranted. Application Code Review Services check your source code in over 20 different security-critical areas to identify application vulnerabilities and recommend actionable solutions.

Security Architecture Design

Axxera Security Architecture design services include the following:

  • A review of the current network design and systems architecture in light of defined security policies and best practices
  • Recommendations for architectural improvements
  • "From scratch" designs of large and small scale secure network and system architectures

The Axxera Assessment addresses:

  • Whether critical components work together
  • Whether security mechanisms cascade for redundant protection
  • Whether the security perimeter is well defined and affords adequate protection
  • Whether systems are adequately configured to prevent unauthorized access
  • Whether existing policies and practices are adequate to prevent a reoccurrence of the identified vulnerabilities
  • Recommendations for additional safeguards to adequately mitigate risk created by identified vulnerabilities
  • Recommendations for residual risks and other critical