Network Security Audit
Because of the recent wave of attacks on computers, and in response to our client’s concerns over the safety of their computers and
networks, Progressive System Solutions, Inc., recently purchased software specifically designed to discover holes or access
points in your network and computers that hackers might exploit. Our certified network engineers have also spent many hours researching ways
that hackers can attack your system; (many of you have experienced an attack of a worm or virus on your systems already). Progressive has
developed a Network Security Audit that allows us to use this software and knowledge to test your network and individual
computers for ways that hackers can attack your system. While this in no way guarantees 100% protection (Microsoft and hackers are continually
finding new weaknesses that can be exploited) we were amazed at the number of existing flaws that were found even in our own network!
Following you will find questions and answers on our new Network Security Audit. Please read it and consider taking advantage
of this new service. If you have any additional questions or wish to schedule a Network Security Audit please feel free to
contact us at (407) 523-7676.
What is a Network Security Audit?
A Network security audit is a process that probes a computer, or a network, that is attached to the public Internet, for
vulnerabilities that hackers or disgruntled employees might exploit.
Why do I need a Network Security Audit?
Because software and hardware are created by people and people make mistakes. These mistakes leave holes in each product that hackers
freely share among themselves. With literally thousands of hackers sharing information and programs, it only takes a few days for someone to find a
way to exploit the latest hole and compromise a single computer, or an entire network.
Don’t the manufacturers fix these problems?
Sometimes. But, not all people apply these patches and there are other ways of getting access to a computer. Very few people keep
strong passwords because they are considered too hard to remember; hackers use something called a dictionary attack that tries every word in the
dictionary, including names, and adds numbers to those words. A password like "rover1", or "mary123" is an easy target; and once the hacker is in,
they control you--keeping them out in the first place is the best defense.
We keep our computers updated with all the latest patches. Why do I need an audit?
Aside from the password issue, just because a hole has not been reported publicly, does not mean that it does not exist. Historically,
manufacturers have hidden these problems and quietly released updates, sometimes months or years later. In the meantime, the hackers that found the
problem in first place are quietly writing their programs, too. Only recently have security companies decided to go public with these reports after
some manufacturers have refused to address the problems in a timely manner.
We’ve never had any problems before. Do I really need an audit?
Yes. Hackers are not interested in you; they are interested in your computer. When a hacker invades a
computer, one of the most common things they do is install a program that allows them to take control of your computer to do something to another
computer. When the hacker can control hundreds, or thousands, of computers to do something specific, like attack a critical government agency, or
business, they are far more effective; these are called distributed attacks. Other hackers are more personally malicious and intend damage to the
affected computer; these programs can destroy whatever they find on your computer while spreading to the next one.
My computers are running fine, but my Internet access is a lot slower than it used to be, could the hackers be doing something?
Absolutely. If all the obvious holes in your network have already been closed, the hackers will still keep trying to get in;
remember, it is not you they necessarily want, it is your computer, and they are just running programs that scan hundreds or even thousands of
computers while they go do something else. In the meantime, your Internet connection can become flooded with unsuccessful attacks. If this is an
ongoing problem for you, Progressive System Solutions can set up an intrusion detection system to determine the exact nature of the attacks and
attempt to track them back to their source.
Ok, you've convinced me. What happens during a Network Security Audit?
We use some of the same tools that the hackers use on your system to determine the weaknesses and recommend changes to your computer,
or network, to patch the holes we find. We look for unnecessary services that are installed by default that give the hacker a window into the
computer. We check each computer for the latest patches against a large database of information.
I'm already pretty technical, I'd like some more detail.
- No changes are made to the computers, or network, without your approval.
- The first step is to evaluate the current connections to the Internet and look for potential entry points. Then each entry point is evaluated and
assessed for vulnerabilities; a risk profile is created for each of the connections.
- The second step is to scan the interior of the network for weaknesses in the computers with a comprehensive port scanner that also looks for the
installation of critical patches; a risk profile is created for each computer.
- If suspicious activity is already detected, the engineer may setup intrusion detection software to more fully discover the source of the activity.
- At the completion of the audit, the engineer will compile the data from the different sources and create a series of action items for the network
in general and the individual computers. At your direction we can then "fix" any problems that are found, based on our normal hourly fee.
Prices: $99.00 Base fee - additional $50.00 per server - additional $10.00 per workstation - additional $29.00 per computer scanned for virus.