Security should begin in the planning stages, even before a project starts.
- Information should be classified according to who should have access, how it can be
accessed (network pipe, email, fax, snail mail, ...), how such information can
be transferred, how it should be destroyed, for how long it should be archived,
how it can be stored, ...
- Applications should be designed not only to achieve their function, but also
with the standard places insecurity occurs in mind: session hijacking, password
sniffing, buffer overflows, race conditions, ...
- Servers should be deployed with full knowledge of what applications can give a local
user higher levels of access, or allow remote users access through daemon applications
into the system, ...
- Policies should be defined for who has access, what type of information is in the
application or server, what other policies are used/affected by the application/server/connection/etc.,
how access is authorized/authenticated, ...
However, at many institutions worldwide, applications and servers are rarely built this way.
For this reason, DMZ Services, Inc. offers a full range of Security Assessments, ranging from
a simple Internet Penetration test or Application Code Review to a Multi-Site Electronic, Physical,
and Social Engineering Intrusion Assessment. All Assessments are followed up with full in-depth
Reports and optional Policy/Information Definition and Documentation.
Contact us if our specialized consultants
can help assess your security problems.