Security

Eclectiq Technologies provides security audit and consulting services. A security examination involves vulnerability testing of Internet-connected networks, checking for new security vulnerabilities and configuration errors caused by system and network maintenance. The service detects all hosts within an Internet address range and then performs a methodical examination of the detected hosts, applying tests for common misconfigurations and security weaknesses in all the services being offered.

A two-factor security audit is available to establish your perimeter security profile.

In addition to the external vulnerability testing, a configuration audit of your web servers and associated application and database servers is also provided. For further testing of your web presence, an internal audit of the web, application, and database server systems, network firewall configurations, and review of dynamic server-side code for security exposures is recommended. The fee for the internal audit depends upon the number and complexity of your servers.

A basic security examination has many valuable aspects, including:

• Automated host detection - Eclectiq Technologies does not need to be informed of network topology for the external security audit
• Firewall mapping - Shows services unintentionally exposed by maintenance or configuration errors
• Comprehensive - The security audit usually uncovers several critical security issues that should be dealt with immediately. Other changes recommend to address less serious exposures or unsafe practices can be scheduled for introduction based on your release management timetables.
• Accurate - We remove as many false positives as possible.
• Non disruptive - Denial of Service exploits reported, but not executed and test load is controlled so as to not degrade user experience.
  
  Maxtrix of Eclectiq Technologies'
  security offering
  
  
  

  	Dedicated Server Monitoring	Network Investigation	Penetration Test & Audit
  Testing mechanism	Automated	Automated	Programmed sequence of tests with expert intervention and interpretation
  Number of machines tested	Single Machine	Network	Network
  Test Frequency	Weekly	Weekly or Monthly	Single
  Service vulnerabilities	All visible services	All visible services	All visible services
  Denial of Service (DoS) detection	Yes, including machine, service and protocol specific	Yes, including machine, service and protocol specific	Yes, including machine, service, protocol and application specific
  Information disclosure checks	Partial	Partial	Yes
  Source code reviews	No	No	Yes
  Application Checks	No	No	In-depth
  Analysis report	Automated	Automated	Written by expert
  Report Delivery	Secure HTTPS publishing	Secure HTTPS publishingSecure HTTPS publishing	Secure HTTPS publishing
  Report Checking	Automated	Reviewed by expert	Reviewed by security team
  SSL certificate checks	Yes	Yes	Yes
  Web-pages examined - depth - time limit	500 pages - 3 levels - 30 minutes	500 pages - 3 levels - 30 minutes	Site dependent - site dependent - site dependent
  Web-page analysis	Yes	Yes	Yes
  Search for broken links	Yes	Yes	Yes
  Search for broken images	Yes	Yes	Yes
  Detection of directory indexes	Yes	Yes	Yes
  CGI vulnerability tests	Extensive	Extensive	Extensive, including application specific
  Test for script source visibility	Yes	Yes	Yes
  Detection of Operating System	Yes	Yes	Yes
  ICMP checks	Yes	Yes	Yes
  Windows NT checks	Yes	Yes	Yes
  TCP & UDP port tests	Time-limited	Time-limited	Yes
  Stealth testing	No	No	Yes
  DNS spoofing	No	No	Yes
  RPC testing	Yes	Yes	Yes
  Initial Sequence Number prediction	No	No	Yes
  FTP abuse checks	Partial	Partial	Yes
  SMTP relay checks (spam)	Partial	Partial	Yes
  LDAP checks	No	No	Yes
  DNS and bind checks	Partial	Partial	Yes
  SMB/NetBIOS checks	Partial	Partial	Yes
  NFS checks	Partial	Partial	Yes
  NIS checks	Partial	Partial	Yes
  Password guessing	Partial	Partial	Yes
  WHOIS checks	No	No	Yes
  Domain checks	No	No	Yes
  Spoofing Checks	No	No	Yes