Network Assessment - a network audit aimed at determining the level of risk to an organization from network-based attacks. This includes external and internal network port and vulnerability scans, onsite visits, and a review of your network architecture against industry best practices.
Security Incident Response - assist in responding to incidents systematically so that the appropriate steps are taken to recover quickly and efficiently from security incidents while minimizing loss or theft of information and disruption of services. This covers handling the following specific types of security incidents:
- Denial of Service (DoS) - an attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources
- Malicious Code - a virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host
- Unauthorized Access - a person gains logical or physical access without permission to a network, system, application, data, or other IT resource
- Inappropriate Usage - a person violates acceptable use of any network or computer policies
- Multiple Component - a single incident that encompasses two or more incidents; for example, a malicious code infection leads to unauthorized access to a host, which is then used to gain unauthorized access to additional hosts.
Standards used - NIST SP 800-61 Revision 1, SP 800-83
Proxy/Content Management - monitor and run the proxy server for ADOA, including URL filtering and packet filtering for the workstation IP address space. Also review logs for intrusion detection and prevention on the devices.
Network Switch Management - configure and monitor switches in the ADOA Data Center and DR Site. Configuration includes the design of VLANs, IP routing, and LAN security.
Intrusion Detection - manage a Tripwire server environment that customers may use to monitor change control on servers. Tripwire is an intrusion detection and data integrity product that allows you to construct a "baseline" server state representing optimal settings. Tripwire does not prevent breaches, but rather compares current state with desired state to determine if any accidental or deliberate changes have occurred. If changes are detected, they can be rolled back with minimal interruption of services.
Network Firewall - perform the following for the firewalls in the ADOA Data Center and DR Site:
- Configure and provision devices
- Monitor health and security events 24/7
- Notify customers of major security and health issues and provide event descriptions, context, and high-level remediation
- Perform upgrades and patch management
- Change firewall rules
- Correlate firewall log data with information collected from other managed devices
- Forward firewall logs for archiving and forensics
- Integrate new product enhancements when released by vendors