|
|
Every computer network is unique. Workstation and Server operating systems,
types of routers, remote access, VLAN's, printers, data storage, disaster recovery strategy and daily backups are just a few
of the puzzle pieces that need to be considered on your network. Add to that the individual software packages that drive
your computer decisions and you can see where the administration of your network can look like a full time job whether you
have 3 or 300 computers. UniTech has a staff of trained and seasoned
computer experts who have been helping businesses sort out their networking needs for a combined 100+ years. We will
help you optimize your network and maximize your IT budget. For quotes on computers, servers, networking
equipment or service contracts call Roger at 574-674-1513
Our sophisticated network security reviews and vulnerability
testing can identify areas within your organization that are susceptible to potential financial loss, fines and penalties,
customer security breaches, and unwanted negative publicity, amongst other things.We utilize the latest commercially available software tools as well as proprietary, custom-designed
hacking routines in an attempt to design and carry out attacks your system might be subjected to so that we can identify any
vulnerabilities you might have. We focus our vulnerability analysis on nine key areas:
Our penetration testing services follow a three-tiered
approach, consisting of Discovery, Assessment and Exploitation. During the Discovery phase we attempt to discern as much information as we can about
the topography of your network. One of the first steps we take is to do an external penetration test using commercial software
and easily obtainable (public domain) information about your company. We determine whether or not you are paying attention
to these attacks and reviewing the associated logs. All identified domain names and IP addresses are verified prior to moving
on to the Assessment phase. We also complete “Whois” queries, zone transfers, ping sweeps, and traceroutes on
several blocks of IP addresses. The traceroutes will help us identify routers, firewalls and gateways. We identify all connections
to the Internet including some that may be unknown to network managers. The Assessment phase identifies all security holes and vulnerabilities of your network.
We document all target hosts, along with Operating System, IP Addresses, Applications, Banner Information and Known Vulnerabilities.
This provides us with the amount of information a hacker can obtain about your company prior to compromising the network.Once the Operating System is identified we
tailor our list of port scans and develop a list of potential holes and vulnerabilities. Our port scanning is generally completed
when your network is least busy to avoid disruption. Once we know the open ports, we connect to the ports and grab a banner
to verify the applications that are running. Once a list of applications is developed, we determine which vulnerabilities
exist, document them and download the exploit code (if applicable) for use in the next phase of our testing. The Exploitation Phase may or may not be completed based on client
objectives. We attempt to gain root or admin level access to the target systems. After we obtain unauthorized access to a
remote system through the ability to execute a command on a target host or direct access to a user account, we document all
relevant information and share it with the client so corrective action can be taken. At this point we can install a tool kit
and continue to exploit the system by acquiring Unix password files or the Windows registry, or we can stop the process, dependent
upon client wishes. If we load our tool kit, we return the system to normal after testing is complete.We have significant experience and expertise completing NVA's
and other security reviews for the financial services, banking, manufacturing, higher education, medical services, defense
and transportation industries.
UniTech has been providing Forensic Data Recovery and preservation to the business community for over seven years. This procedure can be sensitive in nature to the employees of your company and for this reason much of the work is done before or after normal business hours. In addition all work is performed in the strictest confidence. Contact Roger Antoniu or Mike Portolese to discuss any potential projects.
Our risk-based IT audit approach identifies nine key IT process areas, such as Change
Control and Application Controls, that must be evaluated prior to expressing an opinion on the overall effectiveness of the
internal control environment. For each of these nine IT processes, specific control objectives have been identified. These
control objectives have universal applicability for any company that strives to publish accurate financial statements. For
example, one specific Control Objective in the “Applications Controls” section would include the following: Provide
assurance that each critical application has a security methodology in place so that:
Recognizing
the need for an integrated and SOX-compliant approach to the evaluation of IT controls over financial reporting,
ALP developed a detailed, risk-based approach to auditing IT systems and applications for Sarbanes-Oxley compliance. We utilize
the COBIT® and COSO® frameworks to understand, document and test the linkage between IT processes and financial system
controls. This approach results in true “value-added” audits that address risks specific to your information systems
environment(s) and eliminates unnecessary control objectives from the scope of our review, saving you money, and is consistent
with SEC and PCAOB requirements and directives.
|