Security & Consulting Services
Professional Consulting Security Services
We offer comprehensive penetration testing to secure your information assets from attackers both inside and outside your infrastructure. A critical complement to vulnerability scanning, penetration testing proves the extent to which vulnerabilities can be exploited by emulating what a hacker may do in a controlled and methodical manner. Our reports are manually written for a complete risk perspective. We offer:
- Black Box Testing (Zero Knowledge)
- White Box Testing (Complete Knowledge)
- Gray Box Testing (Combination of Both of the above)
Why would you need a penetration test?
A study released by the Ponemon Institute in October 2006 found that information losses cost U.S. companies an average of $182 per compromised record, an increase of about 31% from 2005 ($138 per record). http://www.ponemon.org/about.html
Benefits of a Penetration Test |
- Intelligently manage vulnerabilities
- Avoid the cost of network downtime
- Meet regulatory requirements and avoid fines
- Preserve corporate image and customer loyalty
- Justify security investments
- Satisfy prerequisites for cyber security insurance.
Vulnerability Assessment
Vulnerability assessments help analyze your business risks. Mile2 will identify security holes and vulnerabilities within an organization's infrastructure.
Unlike a penetration test, where the objective is to compromise or circumvent a system's controls by emulating a hacker, the purpose of a vulnerability assessment is to identify security holes and vulnerabilities without penetrating the system with an exploit technique. After completion of the vulnerability assessment, Mile2 will produce detailed reports which enable our clients to manage and remedy the discovered vulnerabilities. The tests are conducted on both external and internal systems.
Computer Forensics - Digital Forensics
The simple definition of computer forensics is a technological, systematic inspection of a computer system and its contents for evidence, or supporting evidence, of a crime or other computer use that is under investigation. Computer forensics requires specialized expertise that goes beyond the normal data collection and preservation techniques available to end users or system support personnel. By one definition, electronic evidentiary recovery (also known as e-discovery) requires the proper tools and knowledge to meet the court's criteria, whereas computer forensics is simply the application of computer investigation and analysis techniques in the interest of determining potential legal evidence. Computer forensics experts investigate data storage devices; these include, but are not limited to, hard drives and portable data devices (USB drives, external drives, micro drives).
Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law.
Computer forensics experts:
- Identify sources of documentary or other digital evidence.
- Preserve the evidence.
- Analyze the evidence.
- Present the findings.
Social Engineering - The Human Factor
Social engineers use technical and non-technical methods to extract information from an organization. Computer fraud, black-hat hacking, cyber-terrorism: these new phrases describe an innovative generation of criminals who use over-the-wire technology to attack us, steal from us and terrorize us. However, the best tool in their arsenal is not new. It is used only by the most experienced, the most dangerous, the boldest hackers. It is called social engineering, and it simply means deception. Does it work? Can seemingly smart people be easily deceived? Kevin Mitnick, who served five years in prison for repeated hacking, said in testimony before Congress on the subject of social engineering, “I was so successful with that attack that I rarely had to resort to a technical attack.”
Auditing and EDP
The second standard of field work requires that Mile2 obtain a sufficient understanding of the client's internal controls (I/C) to plan the audit and assess control risk. Mile2's assessment of control risk shows that by performing substantive testing, your organization can reduce excessive audit costs. When EDP is used in significant accounting applications, your organization must consider the effects of the computer when evaluating the internal controls.
Mile2's auditors' approach to considering I/C is the same in a computerized environment as in a manual environment:
- Obtain and document understanding of the internal controls
- Assess control risk
- Perform tests of controls
- Reassess control risk
Mile2's EDP Audit Techniques
The EDP audit techniques described below may be appropriate for tests of (internal) controls or for substantive tests of a client's data. The purpose of the test determines whether it is a test of controls or a substantive test. Techniques which use the computer to aid in auditing are sometimes called CAATs (Computer Assisted Audit Techniques).
EDP Audit Techniques Common in a Batch Processing Environment
A. Test data (test deck) approach: auditor's data, client's software
B. Parallel simulation: auditor's software, client's data
EDP Audit Techniques Common in an On-line Real-time Environment
A. Integrated Test Facilities (ITF): the “mini-company” approach
B. Process tracing software
C. Tagging transactions, also called the “snapshot approach”