Areas that our audits typically cover include;

Firewall Audit

We will deliver a thorough audit of your firewall device and configuration for potential vulnerability.  This will include device settings such as rules – what are your businesses settings around inbound traffic for example – what types of traffic do you allow into the network ?  Equally crucially, what do you allow to leave – if you control traffic leaving your business, you control your susceptibility to ransomware and the like.

 

Wifi Provision Audit

Wifi is a major area of vulnerability for businesses.  Recent published weaknesses in the WPA2 wireless access standard have made our wireless vulnerability analysis even more detailed.  Our audit covers areas such as guest network segmentation (including BYOD policy), frequency scanning, encryption analysis, device management (how do you know and control what devices have access to your network?) and password management, both for existing and past users.

 

Software Vulnerabilities

We will audit for up to date versioning on operating system and productivity software including a report on where the latest patch updates have and have not been applied.  This can be audited on all servers and workstations.

This exercise will include analysis and audit of anti malware and anti virus software

 

User access

We will provide a comprehensive review of your user access.  This will include password policies, screen locking policies, removal of leavers and other areas where incomplete application of access policies can result in business vulnerability

 

Access Permissions

Having understanding and control of access permissions is a vital component of security assurance.  Our audit will enable us to identify permissions levels and to enable assessment of the validity and suitability of these and to ensure that permissions settings meet business process requirements as well as security.

 

Mobile Devices

Key in all of our activity is the inclusion of all devices, not just workstations and servers, but also mobiles.  We will audit your known mobile devices for vulnerability, including an assessment of password policy, encryption and remote control / wipe type facilities.