Welcome to IMA’s No-Obligation Network Vulnerability Assessment (NVA). Our NVA program is currently available for businesses, small or large, in the greater Tucson, Arizona area. If you are outside this area, we will be more than happy to visit your site, however we will ask that you cover any travel expenses.
If you are 100% ready to proceed, you can click the link below, otherwise you are welcome to read on and discover what our Network Vulnerability Assessment will cover and what it can do for you.
Get Started with NVA
FACT: On any given day and any given time, a network is breached and the data it holds falls prey.
So, the ultimate question is, “Do you want it to be YOU?”. A few years back anti-virus was all the rage. Today, less than 5% of the threats to our network come from such viruses. The bad-guys have found easier and more powerful means of getting in. And with so much valuable data to get at there are more people trying to get at it. So, it has become a race between the good-guys and the bad-guys. With the playing field changing almost by the hour, how do, or can you keep up with it. Unfortunately, the bad news is that I don’t have the answer. In fact there is not one that I or anyone can provide. The good news is, there are steps you can take so that you position yourself as far ahead of the bad-guys as one can be.
Where you, and or your network stand, as far as it’s internal and external vulnerability is called your Risk Level? . If you have no idea what that is, then most likely your risk level is quite high. Having the knowledge and understanding of your network, and where ‘you’ fit into the picture is the most important in bringing your Risk Level down. Getting all the gadgets and technology is only a means to making it better. Even if your company is fortunate to have an IT Person or Department, it does NOT necessarily mean you have a lower Risk Level. Our experience has taught us that, like having Anti-virus, is often only a false hope. So, whether you have an IT or not, the fact that you are here, means you probably don’t know or would like to know where you stand.
IMA’s Network Vulnerability Assessment is an education, not a sales pitch. Our goal is that you learn from our assessment and then have plenty of questions on how you can improve things. Our hope is that we will be able to help provide the solution.
It boils down to this, “If you don’t know your Risk Level, then You Are At Risk!”
Get Started with NVA
If you still need some more information on our NVA and what it does, please read on.
Discover Current Network Vulnerabilities
A Network is made up of many devices (Workstations/Servers) that share information. They do so over the network. This information travels and is routed accordingly. You have you own network. The WEB is therefore a Network of Networks and information travels and is routed accordingly. But, just like our home or office, if we leave a door open. Someone will eventually come in and do as they please. So, to prevent this, we put locks on our doors. In the home we put locks on the liquor cabinets to keep the kids out. We put locks on the office doors to keep staff out. Then when we realize that the thieves have lock pics or simply break the window, we put in alarm systems, cameras and motion sensors. Well, we have to do the same with our Networks. Most folks thinks of Network security as that to protect us from the internet, when in fact we have to protect the internal network as well. The old saying, the strongest chain is only as strong as it weakest link. If you are only protecting yourself from the web, then anyone (good or bad) on your network has access to the same data you are externally protecting.
NVA will look at your current Network and show you where you are most vulnerable.
Analysis of Any Identified Security Threats
Any vulnerabilities we discover have associated with it a risk level, which is it’s threat potential. How much of a security risk is it? With that, each vulnerability also has associated with it it’s own means of remedy.
Many vulnerabilities can be fixed simply by education of what to do and more often what not to do. Connecting a laptop to the network after using the Wifi at some Hot-Spot is such a vulnerability. Yes, you can put all kinds of software and hardware in place to protect it, or simply not allow such activity. So, our NVA will also include any Potential Vulnerabilities that can occur in normal operations that you should be aware of. Quite often, things that we do, use or take advantage of on a daily bases can very often be potential threats. As with most anything, the more you know, the better off you will be. The result of this, even with no changes made, you will now have an accurate picture of your Risk Level. It is not a number from 1 to 10, but simply an understanding of where you fit — from exposed to safe.
Universal Threat Management Analysis
Universal Threat Management (UTM) is what we usually think or talk about when we look at anti-virus, anti-maleware, phishing, Trojans, intrusion protection. Most of us think of this as software installed on our devices to protect them. And that is what UTM is all about, protection. What we are all most familiar with is UTM at the device level, meaning on your PC. However, how does this help your network. The UTM solution works, but is it the most efficient.
If you had to protect your house, would you opt for an alarm system and guards or would you prefer to have an infinitely high wall built around your property with only one access point with a single alarm and guard. Obviously, the latter would provide more security in many aspects. With a house we have many points of entry such as doors and windows. And we would have to arm each, whereas with one entry point it becomes secure. Secondly, if we have only one means of in or out, we can monitor all traffic. This again is much easier than if we have multiple points of entry. Now, lets look at what happens if an alarm is tripped. When it comes to the house, most likely it is too late as if the alarm was triggered, most likely they are in the house. Damage has been done. Whereas, with the single point entry, if the alarm trips, the house is still untouched and there is time to react. Clearly, the wall is an overall better solution.
The same holds true with your network. Why not protect the network, not the devices. And if you think about it, it clearly makes more sense.
Our NVA will not only educate you on your current UTM status, but provide you with the advantages of Network UTM.
Internal, Wireless and Remote Office Security
Most often we think of network security as that of protecting the network from the outside. And in doing so we overlook the issues that arise from then internal network. That includes the ability to control the traffic between devices or groups. Who wants the shipping workstation able to access the accounts workstation. Or the parts department having access to the owners PC. And the biggest, and most overlooked security issue is that with having wireless, especially if you provide it to non-employees. The concept of the password as protection only keeps the honest people honest. And if you are providing any form of wireless, and have not made special provisions or added additional hardware then you are at risk. Another huge hole in network security is ‘working from home’. Remote Office is becoming more and more essential to ones network. However, there are right ways and wrong ways of opening your network to the outside world. Think about it, on one hand we are doing everything in our power to close any doors, then turning around and opening one to allow remote office. So, we need to do everything possible to make sure that the door is set at maximum secure.
Our NVA will look at these areas and provide you with what is currently in place, what are any issues and how to fix any issues.
Intrusion Protection and Content Filtering
Intrusion Protection is part of the UTM discussed above. Most threats coming from outside are attacks against your network. These attacks are initiated via a hacker, trying to find an open port (door) in your network and then exploiting it. On any given day, if you have the means you will find multiple scans of your networks WAN IP device. This is usually your modem or router. These scans are just that, someone or some device is scanning you modem or router in hopes of finding such a hole. If they do, they have their next victim. This is called an uninvited attack. These forms of attacks are easy to protect against as most of today’s, modems and routers have all unused ports closed by default. However, the bigger problem arises from the invited attack. Now, that is not where one intentionally invites someone in, it usually is by means of an email or application. And the best way to pass these invites out is to make them part of Free Software. I didn’t say that all intrusions are hackers trying to damage or steal. In fact, you could have software application that looks perfectly safe, and perfectly legit but here is the problem. This application sends info to a designated server, which is what it is supposed to do. Now, the hacker sees that the port this software communicates on is open. All the hacker has to do is figure out or Google what applications use that port. Then they can spoof themselves and trick you network into thinking this is invited traffic, as you have allowed it, and you have now been hit. This gives the concept of Intrusion Protection a whole new level of sophistication in being able to determine if the ‘invited traffic’ is actually friend or foe.
Of course we are concerned with what traffic comes into our network. Of course we want to stop any ‘bad’ traffic. But what about traffic that is requested by someone using the network. One way to further lessen the potential of ‘bad’ stuff is to filter all incoming traffic. If you prevent any pornography sites, then you off course keep such sites out of the office place, but you also lessen the chance that a site will drop a trojan onto your network. Thus, you have killed two birds with one stone. Now, we can take this process of content filtering to a much higher level by controlling who can see what and when. They say that 28% of billable work time is spent on non-work related chores like shopping, banking, job-hunting and watching you-tube. Employing Content Filtering to your network allows you to control what is seen and not seen. Eliminate porn in the workplace and greatly reduce the chance that it can land you in the hot seat.
Identity and Password Vulnerabilities
When it comes to passwords and identity most networks fall apart. If we put lots of money into securing our network, and have a workstation that doesn’t require a valid password to log on, is a an open door to disaster. If we tape a little piece of paper to the underside of the keyboard, or in the desk with our password what have we accomplished. These devices are easy targets for non-staffers to use when no-one is looking. And if you think they are simply going to check the Wall Street Journal, you are mistaken. They are going to have a field day, at your expense.
Create proper identities and passwords for all devices is crucial. Thus it is important that a set of ‘standards’ for which identities and passwords are setup and maintained. Included with that are the procedures for adding and removing identities as they come and go. So often an employee’s identity is left active on a device after they are gone. Most likely, they won’t be back, but what is to say that they didn’t share their info with another employee who does have access. And what if they still have external access? Having a set of procedures in place, will greatly reduce the risk.
Backup & Disaster Recovery
This is probably the number on overlooked issue. And until it has happened, one doesn’t know just how disastrous it can be. There are all kinds of backup. From simple backup of key files to entire computers. Where you fit depends on how much ‘downtime’ you can endure. There is no perfect solution as there is no way to predict what might happen. We simply have to weigh cost, with probability and acceptable loss. Put simply, having NO backup plan, is a disaster waiting to happen. Employing even the simplest of plans can save you business. With offline/cloud storage readily available, and more and more affordable, there is simply no reason to not have some form of backup.
If you have critical data, and down-time has be measured in hours not days, then we have scale our backup to disaster recovery procedures. And like the fire-drills when we were kids at school, these procedures need to be tested and practiced.
Recommendations for Improved Security
Why are you here? Either you just like reading or still not convinced to take advantage of our NVA. At this point there isn’t much more we can tell you. Our goal is to educate you on your Risk Level based on what has been described above. And my guess is that you have learned a little just getting here. All we ask of you is a little of your time. In return you will be overwhelmed with, maybe too much, information but you will know where your network stands. Our NVA is without any obligation. Ultimately we hope that you ask for our assistance in improving your network and lessening your Risk Level. There really isn’t anything to lose.
Get Started with NVA