Behind the scenes
The workhorses of most networks are their servers. Without servers, your employees and clients would not be able to transfer information in an efficient, centralized way. Leaving your company servers unprotected or not keeping up with security updates runs you the risk of losing whole operations. Having your web applications secure can sometimes be not enough, which is why it is important for you to have extra layers tested, and that means your server’s operating system must be capable of running your applications. If this is overlooked, doors left open at your OS level are usually the most attacked and vulnerable to malware, and your system is likely nowhere close to secure.
It is relatively easy for an attacker to find vulnerabilities at the OS level and work escalations towards your critical applications. Keeping this in mind, I keep continual checks on new malware attacks, most of which look for control over a node for full control at root, rather than exotic web applications. Of all the facets of network security, looking for a way to keep a box secure from compromise is the most fascinating and challenging part of the job. As programmers continue to hone their craft of coming up with need development, it’s up to penetration testers to see holes and provide reports consistent with the evolving nature of information technology.
Firewalls are the defenders of your network. A poorly configured or “out of the box” firewall can lead to disaster since many security firewalls and SoHo (Small Business and Home) routers have default settings that allow access or offer up information about your network that you might not want advertised. While performing audits on your firewalls, I will give you a detailed report of any ports you have open, the service running on it, and any known vulnerabilities so you can either shut down unneeded open ports or upgrade to a more secure public firmware for your device.
Database servers such as Microsoft Sql Server or MySQL are the gold mines of information on the Internet. These servers should be protected at all costs, as they hold tables of your business’ and clientele’s information. Sql Injection is a technique attackers use to exploit the functionality of your server to offer up information that would not normally be a valid operation. Databases also work with CMS systems through PHP, which is a language that allows the database to serve up data to your website or application. This means if your SQL server is compromised or defaced, there follows the kitchen sink of your data. I perform highly-complex techniques to make sure the data stays intact and secure, to continue to be the backbone of your network.