Device Audit
Whether it is your device operator, manufacturer or service provider, secure device configuration is an important element in ensuring the security of components responsible for data transport.
Devices play an integral role in any infrastructure environment, as you have to connect these dots in order to communicate with the outside world, adjacent networks or other trusted vendor networks. The importance of secure configuration for good hygiene can't be undermined in this area. This covers comprehensive checks around stable and secure firmware, patch management, user and administrative interface restrictions, use of strong and multi-factor authentication, and device-related secure configuration steps.
The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels.
Cybersecurity is only effective when it is proactive. By identifying weaknesses and vulnerabilities before they are exploited, you ensure the integrity of your network. Frequent security assessments also create a more efficient system, helping to prevent data loss and minimise any downtime that would affect your business and your customers.
No one doubts the talent and commitment of your in-house administrators and developers, or the great work they’re doing. But, by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.
Event logging gives you visibility into the operation of your device and the network into which it is deployed. We review how the logs are configured and stored for all the devices under review.
The very purpose of security is to be proactive and make it challenging for a threat actor attempting to compromise your network. This might not be enough, and you need to be able to detect actual breaches as they are being attempted. Reviewing logs regularly could help identify malicious attacks on your device or on the network in general.
We review the ACLs and rules applied in the device configuration to ensure no additional or inappropriate files have been configured. This also includes identifying any inactive or disabled rules.
Devised to prevent unauthorized direct communication to network devices, infrastructure access control lists (ACLs) are one of the most critical security controls that can be implemented in networks. Infrastructure ACLs leverage the idea that nearly all network traffic traverses the network and is not destined for the network itself.
As part of the audit, we review the device operating system and version in use. We also review the patching policy and whether the device under review is covered by it.
A patch management policy is important for keeping your system's security regularly updated. Patch management involves obtaining, testing, and installing several patches to the computer system to keep it safe against malware attacks. The tasks carried out during patch management include: keeping up to date on which patches are available, determining what patches are right for your system, making sure that these patches are properly installed, testing your system after installation, and documenting all related procedures.
We analyse the underlying device for excessive and unnecessary services, default access credentials, management services (such as Telnet and SSH), and general configuration.
As a security best practice, any unnecessary service must be disabled. These unneeded services, especially those that use User Datagram Protocol (UDP), are infrequently used for legitimate purposes but can be used to launch DoS and other attacks that are otherwise prevented by packet filtering.
Passwords control access to resources or devices. This is accomplished through the definition of a password or secret that is used to authenticate requests. When a request is received for access to a resource or device, the request is challenged for verification of the password and identity, and access can be granted, denied, or limited based on the result.
We review the type of authentication mechanism implemented on the device. In addition, the password policies applied to the roles and privileges/user accounts on the device are reviewed by analysing the password hash, if that is obtained from the device config.
The management plane consists of functions that achieve the management goals of the network. This includes interactive management sessions that use SSH, HTTPS (if web interface available) as well as statistics-gathering with SNMP. When you consider the security of a network device, the management plane must be protected. If a security incident can undermine the functions of the management plane, it can be impossible for you to recover or stabilize the network.
The management plane is the plane that receives and sends traffic for operations of these functions. You must secure both the management plane and control plane of a device, because operations of the control plane directly affect operations of the management plane.
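The checks on unnecessary services and management-plane access described above can be run offline against an exported configuration. The following is an added example, not Defendza's tooling; it assumes a Cisco IOS-style configuration syntax (the page names no vendor), and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the page names no vendor).
SAMPLE_CONFIG = """\
service udp-small-servers
ip http server
snmp-server community public RO
snmp-server community n0c-r34d RO 10
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 access-class 10 in
 transport input ssh
"""

# Patterns matched against top-level (unindented) configuration lines.
GLOBAL_CHECKS = [
    (r"^service (tcp|udp)-small-servers", "unnecessary small-servers service enabled"),
    (r"^ip http server$", "cleartext HTTP management interface enabled"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
]

def parse_sections(config):
    """Group indented sub-commands under their parent line."""
    sections = []
    for line in config.splitlines():
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            sections.append((line.strip(), []))
    return sections

def audit(config):
    """Return (config line, finding) pairs for service and management-plane issues."""
    findings = []
    for parent, children in parse_sections(config):
        findings += [(parent, msg) for pat, msg in GLOBAL_CHECKS if re.search(pat, parent)]
        if parent.startswith("line vty"):
            transport = next((c for c in children if c.startswith("transport input")), "")
            if re.search(r"\b(telnet|all)\b", transport):
                findings.append((parent, "Telnet permitted on remote management line"))
            if not any(c.startswith("access-class") for c in children):
                findings.append((parent, "no access-class ACL restricting management sources"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```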
Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.
Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.
Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.
Much of the manufacturing industry has failed to take proactive steps to defend against cyber attacks—which is a notable problem considering the growing threats the industry faces