Information Security Consulting Case Study 1
Information Security (Vulnerability Assessment and Penetration Testing)
Client:
A leading automobile dealership in Bahrain
Problem statement:
The client has sensitive data, critical to their business and wanted to have a comprehensive risk assessment and mitigation exercise done to protect this information. As a first step, they wished to perform a regular technical risk assessment exercise which will identify threats to their technology information assets and recommend steps to mitigate those risks. The possibility of an intruder getting into the private network had to be assessed. The client needed assurance with regard to the protection measures in place for accessing information via the Internet.
Application / Solution:
Elite Technologies Middle East recommended conducting a penetration testing and vulnerability assessment of the client’s IT environment. Elite has certified ethical hackers who conduct the penetration testing exercise. Recommendations for the vulnerabilities existing were provided to minimize the risk involved in information leakage or the privacy of data. Elite used the OSSTMM and OWASP standard methodology as references for penetration testing. Tools like Nessus, NMAP, ISS among others were used for gathering data and scanning.
Benefits:
- The client had security devices like firewall, IDS, IPS installed however these systems had to be configured properly to prevent passing on any information that would be helpful to potential hackers.
- The client was given an analysis of the network and the current level of security it was maintaining.
- Misconfigurations of Servers, that could led to leakage of sensitive data, were corrected immediately.
- The level of policy implementation was also gauged by the results of the penetration test.
- Depending only on firewall implementations is not the answer to privacy. Misconfigurations, exploits, updates, patches, backdoors, disgruntled employees - all are driving reasons for the need for penetration testing. There is no better way to find out the weaknesses in systems than through regular penetration and vulnerability assessment tests
