Security Audit

nForce Solutions will audit your program in its complete/compiled form (executable/binary) or with its source code. nForce Solutions checks your program to make sure common programming mistakes such as buffer overflow, format string, race conditions, invalid input type, etc. are spotted, adequate security protections are in place and integrated into the program itself to protect the program from malicious exploitation. For more information, contact us!

Our security audit service emphasizes strongly on two main areas: system devices and software.

System Devices
nForce Solutions offers security audit for a wide range of system devices and technologies. Our system device security audit covers but not necessarily limited to the following:

• Firewall
• Router
• Wireless AP
• Intrusion Detection System
• Intrusion Prevention System
• Servers
• End-user Workstation
• System Devices

nForce Solutions offers security audit for a wide range of system devices and technologies. Our system device security audit covers but not necessarily limited to the following:

• Firewall
• Router
• Wireless AP
• Intrusion Detection System
• Intrusion Prevention System
• Servers
• End-user Workstation

Software
Vulnerabilities in software is responsible for nearly 80% of all network security breaches. The unstoppable growth of the Internet and e-commerce make software security become an even more critical task. Despite criticality, software are still buggy and vulnerable to all kind of attacks owing to the lack of software quality assurance or security audit.

nForce Solutions offers two methods of software security audit to help you find and eliminate security holes in your software and assure your business continuity: blackbox and whitebox (source code). Blackbox method involves reverse-engineering the software whereas whitebox or source code audit requires our consultants to manual review software source code to uncover vulnerabilities.

The following lists some of the common vulnerabilities that our consultants generally look for:

• Buffer overflow
• Format string
• Race conditions
• Denial-of-Service errors
• Privilege escalation
• Weak cryptography
• Unsecured network communication
• Malicious code
• Access control
• Code injection
• SQL injection
• OS injection
• Configuration
• Authentication errors
• Cookies manipulation
  

Vulnerabilities in software is responsible for nearly 80% of all network security breaches. The unstoppable growth of the Internet and e-commerce make software security become an even more critical task. Despite criticality, software are still buggy and vulnerable to all kind of attacks owing to the lack of software quality assurance or security audit.

nForce Solutions offers two methods of software security audit to help you find and eliminate security holes in your software and assure your business continuity: blackbox and whitebox (source code). Blackbox method involves reverse-engineering the software whereas whitebox or source code audit requires our consultants to manual review software source code to uncover vulnerabilities.

The following lists some of the common vulnerabilities that our consultants generally look for:

• Buffer overflow
• Format string
• Race conditions
• Denial-of-Service errors
• Privilege escalation
• Weak cryptography
• Unsecured network communication
• Malicious code
• Access control
• Code injection
• SQL injection
• OS injection
• Configuration
• Authentication errors
• Cookies manipulation
  

Our PITMA Model

The PITMA security framework comprises of the following phases: Policy, Implementation, Training, Maintenance, Auditing. Whether your company is just starting up or has been established and functioning for a long time, PITMA is designed to fit both scenarios. The PITMA security framework gives you a complete security solution so that you don't have to worry about "inadequate security" in any part of your network.

Policy

First stage of the PITMA security framework is Policy. Having a Security Policy is the foundation for a solid and complete security solution. In this stage, nForce Solutions will either:

• Write the necessary security policy for your business if you don't already have one;
• Or verify if your current policy is up to date and current.

Implementation

In order for this stage to be successful, a Security Policy must be existing and current. nForce Solutions will refer to the Security Policy that has been drawn up from the previous stage to implement the security safeguards as directed and agreed upon. This stage includes but not necessarily limited to these steps:

• Firewall implementation and configuration.
• Network/Operating System hardening.
• Intrusion Detection System implementation and configuration.
• Implementation and configuration of other security safeguards in accordance with your security policy.
  

Training

Why is Training in the PITMA security framework? Because nForce Solutions want you to be able to maintain the security posture after the Implementation stage. There's no reason to secure your network infrastructure if you don't know how to maintain it. nForce Solutions understand different people have different needs and different types of training are available to suit your needs. nForce Solutions will:

• Raise security awareness among your users by providing Security Awareness Training (Non-Technical).
• Raise your management's responsibilities toward the overall security posture of your company (Non-Technical).
• Raise your security/system administrators' skills so that the security posture of your company can be improved and maintained.
  

Maintenance

nForce Solutions will maintain the security of your network for a period of time (To-Be-Determined upon agreement/contract). The maintenance stage is to verify and assure that your network is operating in a predictable and secure manner. At this very stage, nForce Solutions will:

• Make the necessary updates to your Network/Operating System.
• Make sure that changes or updates to your Network/Operating System do not in fact introduce any new vulnerabilities.
• Install additional security countermeasures if deemed necessary.
• Maintain the security state of your network.

Auditing

Auditing is the final part of the PITMA security cycle, yet it also plays a very important role. Auditing is to verify the correctness of the implemented security controls by performing various security audit against your network to identify weaknesses. nForce Solutions will continuously perform security audit against your network for a period of time (To-Be-Determined upon agreement/contract). At this stage, nForce Solutions will make sure:

• The implemented countermeasure does what it promises (as directed in your Security Policy).
• All errors and omissions are addressed during the audit and will be corrected after the audit.
• Additional security controls are implemented to address the issues/findings.
• All additional changes and findings are reported to your Management.
  

This is your one stop complete security solution. You will enjoy the full security services given by PITMA. You will get everything done from A to Z (Risk Assessment, Security Policy Writing, Penetration Testing, Security Training, Security Implementation, etc.). If you're now convinced that PITMA is right for you then please do not hesistate to contact us for quote.