Keeping Systems Secure
Information systems and communications in the data centre have to be secure. External and internal threats change constantly. Every operator and administrator of IT or data networking equipment must be constantly vigilant. Carefully designed and tested systems may be open for exploitation only months after being implemented. City Lifeline, through a relationship with ZeroDayLab, provides testing, validation and security improvement recommendations.
Network Access
A remote intruder must first access the network that interconnects everything before he can do harm. VPN’s and VLAN’s must be controlled, protected and monitored. Wireless access must be configured correctly. Firewalls must be set up with alarms, and monitoring and logging for all network access established, so that intrusions can be blocked and traced.
Equipment Security and Resilience
An information or communications system comprises many pieces of complex equipment, all software-based and all continuously changing. Tracking and controlling build standards, patches and software versions is a major task, as is authenticating and administering control standards. Any slip provides vulnerability and an entry point for an intruder.
Ethical Hacking
The only way to really test whether a system’s defences are secure is to try to breach them. This is penetration testing or ethical hacking. In its wider form, it includes vulnerability identification and source code reviews as well as attempts to gain unauthorised access for test purposes. It also covers post-intrusion analysis and forensic investigations.
People
Human factors are often the weakest point of any security system, from the junior employee installing a game from an uncontrolled USB stick to the Chief Executive being “socially engineered” to open an innocuous attachment on an email from a trusted colleague. Training is essential to raise awareness and to modify behaviours at all levels to mitigate against social attacks or the careless creation of vulnerabilities.
Keeping Secure
Together, City Lifeline and ZeroDayLab will work with you to examine, test, audit and strengthen the defences of your IT and communications systems. A 360 degree audit is often the best place to start. If training is needed, we can provide it. If there is an intrusion, we can forensically track down what happened, identify any damage and repair it before the next attack. City Lifeline will help you to secure your data, your information and your communications.
