Security Services

Overview

At Network Strategies we believe that being pro-active and staying in the security forefront is one of the most effective defenses a company can take to thwart attacks. Network security is about understanding and controlling the devices and users that are on your network while intelligently layering your defenses and monitoring your entire enterprise. Knowledge is the key to keeping your network secured and running.

All of our personalized security services are designed and implemented with these ideas in mind. This allows us to respond to threats as they occur, giving our security engineers a much higher chance of detecting and stopping these threats before they have a chance to spread and cause damage to your enterprise. We offer five key services, each of which is designed to tackle the most important security needs for your organization.

 

Border Defense Service

Financial gain is now driving the bad guys to become more and more persistent and creative in how they are bypassing standard security technology. As a result, threats against company networks from the internet are on the rise. On top of this, many companies today have multiple entrance points into their networks creating multiple areas of access, many of which are never monitored for malicious traffic or un-authorized users. Any application, any user, and any service can be allowed accesses to the network and its servers and workstations. Realizing this security concern in many corporate networks, Network Strategies developed the Border Defense Service.

The Border Defense Service uses leading edge, signature based, Intrusion Prevention System (IPS) security technology to enable us to monitor, proactively respond to, and eliminate threats to your network borders as they are happening. These systems are set up in-line to watch your network borders 24 hours a day, 7 days a week, 365 days a year and provide us with information on security events as they occur. The majority of attacks directed at a company’s network start with initial scanning and reconnaissance. The Border Defender devices will alert us and at the same time block these recon attempts thus disabling the ability of the cracker to gain knowledge of your network. If a cracker is into deeper phases of exploitation of the network, say attempting to exploit a vulnerability in a company IIS web server, the Border Defender will alert us to this exploitation if it is known and we will be able to stop it before they have a chance to follow through with the exploitation. Internal systems are also watched for malicious outbound traffic as well in case antivirus fails to catch it. 

 

We can deploy and monitor the: Inside/Outside of Firewall, WAN connections, DMZ’s, Wireless Networks, VLAN’s, Protected Servers, etc.

 

Network Profiling Service

Mitigating threats from the internet is an extremely important aspect of network security. Unfortunately though, many companies mistakenly overlook securing the internal network as well. Threats from the inside are becoming an increasingly common problem that most companies and security providers have no solution for. One of the keys to solving this problem comes down to having knowledge about your network. Knowing what devices, services, and users are on your network as well as why they are on it is vital to maintaining the security and integrity of your network assets.

At Network Strategies, we are offering our Network Profiling Service to assist in answering these types of important internal network security questions.

Knowledge:

• What devices are on the network?
• What services are being used on the network?
• What users are on the network?
• Where are these communications going?

Understanding:

• Why are the particular services being used?
• Why is a particular user communicating with a particular server?
• Why is a particular application running on the server?

By answering the who, what, when, where and why of network communications our security professionals have the ability to create a profile of your network by taking an in-depth look at your hosts’ attributes as well as the network traffic that passes between these hosts giving us a complete picture of your network. With this service, we also have the ability to know which users are on the network as well as also knowing which user last logged into a system pinpointing who might have violated your company usage policy. By creating a baseline of what is normal network traffic and services, it will then be easier to catch network anomalies and unauthorized network traffic.

 

Log Monitoring Service

System log files can provide a wealth of knowledge about successful or failed login attempts, changes to services, changes to a system, etc. In the context of security, they can be very useful in the auditing of servers or other systems on the network. For example, if a user attempted to brute force their way into a secure application server, you would never know unless that system were logging and someone was monitoring those logs. Another common cause of concern with logging is that most crackers that break into a system will delete or alter the log files to cover their tracks. If you are only logging locally, you cannot always trust the logs on the server or system that has been compromised.

Seeing this need and concern, we have created our Log Monitoring Service. With this service, we have the ability to capture the log files from log enabled systems and keep them in a central secure location. This enables us to monitor failed login attempts, user logon/logoff, or anything else deemed important for maintaining the security of a system and the network. If a system does become compromised and the log files are tampered with from that local system, we will still have access to the unaltered logs stored on our secure, central system. Some of the more important devices worth monitoring are:

• Firewall log files
• Switch/Router log files
• Server log files
• Workstation log files
• Wireless Access Point/Wireless Management Device log files

Not only is monitoring these logs files important, storage of these log files can also be of utmost importance when pertaining to compliance regulations. HIPAA requires these log files be stored for several years to ensure that they can be accessed to assist security professionals or law enforcement while investigating a security incident. If requested, we can archive these files for extended periods of time.

 

Vulnerability Scans

Most of the devices we have on our networks today run because of the software that is loaded onto them. Whether it is our computer, network router, or a firewall, someone wrote the operating system and the applications running on that operating system. One thing many people fail to remember is that software is written by humans and humans make mistakes. Therefore, no matter who wrote the software, there is a high probability there are going to be mistakes written inside the code that leave a cracker with multiple attack vectors for compromising that piece of software. That software can be an application such as Microsoft Word, Internet Explorer, Microsoft Windows, Linux, Adobe Acrobat Reader, or even software running on your company firewalls and routers. Keeping up with software patches and security updates can be a daunting task for an organization’s IT staff that is already over burdened with other network issues.

We perform vulnerability scans against any system in your organization to test it for holes in its software or operating system. If holes do exist, we will be alerted to them which in turn allows us to make sure those systems get patched, if available, in a timely manner. The fewer the vulnerable systems, the fewer targets a cracker will have at his disposal.

We perform our scans on a regular basis as vulnerabilities are discovered on an almost daily basis. Many of these vulnerabilities will not even have patches or fixes until much later after its discovery. That slow reaction time on the part of the manufacturer can mean the compromise and potential downfall of a company’s network and its systems. Most network administrators are never aware of a vulnerability until after the manufacturer releases a patch for it. If we scan and find a vulnerability, we can place that system on alert to watch and protect it until a patch does become available. The more you know about your systems and their vulnerabilities, the better you can protect them from attack.  

 

Timely Reporting

Reports will be tailored to the service(s) you choose. We will provide you with timely monitoring reports that will show traffic deemed interesting to the security context put in place for your organization. Some of the information outlined in these reports will include, but are not limited to the following:

• Policy violations
• Security related events or threats
• Unauthorized changes to services
• Systems most vulnerable to attack
• Suspicious or unauthorized network traffic patterns

 

Hackers

Hackers are not only good at exposing gaping security lapses; they're also becoming more proficient at finding backdoors left only slight ajar.

Home | FAQs | News | Contact | Top of Page

Network Strategies, Inc. © 2008 | All Rights Reserved
Graphic Design by RTBWizards.com