Network, IT and Cyber Security
BDO provides a range of IT, network and cyber security audit services, including application penetration testing, external and internal network penetration testing, and other logical and physical security audits. (See cybersecurity for more information.)
The following are the main areas of coverage:
Cybersecurity - manual, external penetration testing
BDO provides Internet-perimeter security posture assessments. The objective of these penetration tests is to emulate an attacker operating from the Internet (i.e. from outside an organisation’s internal network), within a finite time and at a limited cost. A full, manual penetration test is performed against a client’s Internet-facing IP addresses and/or websites, with particular attention to web applications, which are a frequent source of exploitable weaknesses. The scope may include all company domains, external firewall IP addresses and NAT ranges.
BDO follows a strict methodology when conducting security assessments. This methodology ensures that a structured process is followed when conducting a project of this nature, and provides a client with a standard against which the assessment can be measured. Project deliverables normally include:
- Target verification.
- “Footprinting” and vulnerability scanning (i.e. automated scans are used to collect and document perimeter information, especially potential vulnerabilities associated with the technologies identified).
- Manual penetration testing (i.e. an experienced human tester attempts to exploit the identified weaknesses, to test the perimeter’s robustness against attacks based on known vulnerabilities).
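The first deliverable above, target verification, is the step that keeps an external test lawful and inside the agreed scope: every hostname, address or range the client supplies is resolved and checked against the ranges the client has authorised in writing before any scanner is pointed at it. The script below is an added illustration of that check and is not BDO’s own tooling; the authorised ranges, target list and DNS answers are constructed from RFC 5737 documentation addresses so that it runs offline, and `live_resolve` is the hypothetical drop-in for real engagement use.

```python
"""Target verification for an external penetration test (added example).

Every hostname, address or CIDR the client hands over is resolved and
checked against the address ranges the client has authorised in writing.
Anything resolving outside those ranges (third-party hosting, a shared
CDN, a stale or mistyped record) is reported and left out of the scan
rather than attacked by mistake.
"""
import ipaddress
import socket
from typing import Dict, List

# Hypothetical client-authorised ranges (RFC 5737 documentation addresses).
AUTHORISED_RANGES = [
    "203.0.113.0/28",    # DMZ block behind the external firewall
    "198.51.100.10/32",  # external firewall address
    "198.51.100.64/27",  # NAT range
]

# Hypothetical target list as supplied by the client.
EXAMPLE_TARGETS = [
    "www.example.com", "mail.example.com", "vpn.example.com",
    "cdn.example.com", "old.example.com",
    "203.0.113.0/28",    # the whole DMZ block
    "198.51.100.99",     # typo: just outside the /27 NAT range
]

# Constructed DNS answers standing in for live resolution so the example
# runs offline; these are not real records.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "www.example.com": ["203.0.113.5"],
    "mail.example.com": ["198.51.100.70"],
    "vpn.example.com": ["198.51.100.10"],
    "cdn.example.com": ["192.0.2.40", "203.0.113.9"],  # one address is a third party
    "old.example.com": [],                             # stale name, no answer
}


def constructed_resolve(name: str) -> List[str]:
    """Offline stand-in for DNS resolution using the constructed table."""
    return CONSTRUCTED_DNS.get(name, [])


def live_resolve(name: str) -> List[str]:
    """Resolver for real use: A and AAAA answers via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def expand_literal(target: str) -> List[str]:
    """Addresses denoted by an IP or CIDR literal; [] if target is a hostname."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return []
    if net.prefixlen < 16:
        # A stray '/8' would expand into millions of scan targets; refuse it.
        raise ValueError(f"refusing to expand oversized range {target}")
    return [str(addr) for addr in net]


def verify_targets(targets, authorised, resolve=constructed_resolve) -> dict:
    """Classify each target's addresses as in scope, out of scope or unresolved."""
    nets = [ipaddress.ip_network(r, strict=False) for r in authorised]
    result = {"in_scope": {}, "out_of_scope": [], "unresolved": []}
    for target in targets:
        addrs = expand_literal(target) or resolve(target)
        if not addrs:
            result["unresolved"].append(target)
            continue
        for ip in addrs:
            if any(ipaddress.ip_address(ip) in net for net in nets):
                # Record every name/literal that led to this address.
                result["in_scope"].setdefault(ip, set()).add(target)
            else:
                result["out_of_scope"].append((target, ip))
    return result


if __name__ == "__main__":
    report = verify_targets(EXAMPLE_TARGETS, AUTHORISED_RANGES)
    print(f"{len(report['in_scope'])} addresses cleared for scanning")
    for target, ip in report["out_of_scope"]:
        print(f"EXCLUDED   {target} -> {ip}: outside authorised ranges, needs written sign-off")
    for target in report["unresolved"]:
        print(f"UNRESOLVED {target}: confirm with the client before scanning")
```

The design point is that a hostname is not a scope boundary: `cdn.example.com` resolves to one authorised address and one that belongs to someone else, so only the authorised address is cleared and the other is reported for written sign-off rather than silently scanned. The `/16` guard stops a mistyped prefix from turning a small engagement into a scan of an entire provider.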
Cybersecurity - manual, internal penetration testing
BDO provides internal infrastructure security assessment services. The objective of these penetration tests is to emulate an attacker who already has a foothold on the internal network (i.e. assuming that the external perimeter has been breached). The methodology gives the client a comprehensive overview of the security posture of the internal network infrastructure, within a finite time and at a limited cost. Project deliverables normally include step-by-step feedback on the findings:
- Filtered results from all scanning tools used.
- Complete and detailed analysis of each host assessed.
- A detailed report of the manual penetration testing performed after the automated scans, using the information those scans produced.
- Practical, detailed recommendations regarding changes to be made on relevant hosts and applications.
Other logical security audits
When required, we can perform detailed reviews and audits to assess the security health of system implementations at the following levels:
- Operating System Level. Any operating system, e.g. any Windows platform, Linux, UNIX, mainframes etc. (including overall network security and architecture assessments, such as Windows Active Directory installation audits).
- Database Level. Any database management system (e.g. Microsoft SQL Server, Oracle etc.).
- Firewall and Router Level. Any firewall and router device.
- Application Level. Application specific security settings.
These reviews focus on product-specific settings, so BDO benchmarks each installation against internationally accepted hardening best practices, with the objective of raising the perimeter and internal security of clients that require a more robust security posture.