Security
Knowledge Area Team: security@quest-consultants.com

New Risks

With the recent shift towards Internet-related operations, many organisations rely more and more on the Internet for doing business and connecting with their customers. As a consequence of this shift, organisations have opened themselves up to a host of new security vulnerabilities, such as infected e-mails, distributed denial-of-service (DDoS) attacks, and information pilferage by outsiders. These abstract security vulnerabilities introduce real business risks that can negatively influence a company's process flow and line of business, and in some cases can even put a company out of business (like Cloud Nine, the UK ISP that was forced to close its doors in early 2002 after a prolonged DDoS attack).

According to the 2005 CSI-FBI Computer Crime and Security Survey, 56% of American firms reported unauthorised use of their organisation's computer systems in 2004. Another FBI study estimated the cost of computer-related crimes for US organisations alone to be approximately $67 billion/year, not including more than $52 billion cost to consumers of identity theft.

Besides the external threat of process interruption, another threat lurks on your network... within your network. It's now popular knowledge that the main security threat comes from within the organisation itself, that is, from the end users who already have legitimate access to certain parts of the system. Security experts have estimated repeatedly that up to 70% of all network intrusions had inside help. This is only logical, as internal users frequently have access to privileged internal information, making potential system attacks easier to perform. And of course, the effectiveness of "social engineering" attacks (where an attacker tricks users into giving away security information) has now become legendary.
It is therefore of the utmost importance to pay attention not only to security measures germane to the outside world, but to internal security measures as well.

Security as a Process

Quest Consultants can design, test and implement a solid security framework to minimise security risks for an organisation, taking into account the current network design, possible future network changes, and communication processes. In addition to supporting well-known Cisco Secure technologies, such as the PIX firewall and Intrusion Detection systems, Quest also supports CheckPoint Firewall-1, which is by far the most highly deployed firewall today. Quest has helped design and roll out numerous VPN configurations based on standards such as IPSec, PPTP and L2TP, in conjunction with different suppliers of authentication technologies, such as RSA SecurID, Vasco Digipass, and Funk Software's Steelbelted RADIUS.

Technical expertise and state-of-the-art techniques (and of course common sense!) are combined to produce a tailored security implementation that covers not only software security, but physical system security as well. All of these aspects are aimed at one thing: reducing risk and losses due to events such as server down-time, business process interruption and information exposure.

It doesn't stop here though. Security isn't finished when the security framework is designed, tested, approved and implemented. It is an ongoing process that requires skill and dedication. The way in which the security framework is maintained, re-examined and adapted over time plays a crucial role in keeping your environment secure. Besides constructing a secure framework for your environment, we at Quest Consultants also focus our attention on guidelines for sound security practices that come into play after the security framework is operational, such as:
Covering this wide range of security aspects, we believe that the security framework will provide the customer with a system that meets the three main goals of being secure, maintainable and operational at the same time.