Firewall

Firewall technology has emerged as one of the most widely deployed Internet security solutions worldwide, behind antivirus solutions, according to a recent IDC study. The demand for firewalls, software and appliance-based, has increased dramatically due to three major factors:

Increased reliance on the Internet by enterprises for daily business communications, both internal and external.

Companies are increasingly opening up their internal systems to the outside world via the Internet while utilizing firewalls to assist in controlling access.

As companies increasingly utilize the Internet and open their internal systems to others, organizations are exposed to an increasing array of threats, intrusions and risks from outside hackers and employees.

A firewall is a combination of software and hardware that resides between the public and private network and is utilized to monitor and control the traffic between these networks. Firewalls are commonly referred to as “the first layer of defense”, protecting the network perimeter. The firewall inspects packets of data entering a network and enforces pre-set security policies. These policies may include restricting traffic from certain IP addresses, restricting types of traffic either in the inbound or outbound direction for different types of applications. The Firewall is an effective tool to monitor Internet traffic destined for private corporate networks, as well as private network traffic destined for the outside world.

Firewall technology today is a business necessity. It is well established, comes in three major technology architectures and can be implemented on three major platforms. These platforms include software-based firewalls on open systems (i.e.: NT, UNIX, Linux servers, etc.), appliance-based systems, and router-based systems. While all three of these implementation types are acceptable solutions, the implementation will vary among organizations depending on the needs of the organization, and the levels of performance, scalability, and manageability required.

Firewall Solution Partners:

Check Point
Cisco
Sonic Wall
Watch Guard

Internal Security Assessment

Threats, intrusions and attacks perpetrated by hackers abusing the Internet are, without question, on the rise in today's business environment. The security of internal trusted networks may not have been provided the attention it deserves and requires in order to protect your valuable business information. Properly implemented network security controls, from both a management process and technology implementation standpoint, are required to thwart intentional attacks from outsiders, while at the same time minimizing unintentional mistakes from trusted insiders. The key driver in today's Security and Privacy environment is preventing exposure of valuable information assets unnecessarily.

Roy & Roy Inc's Internal Security Assessment focuses on the security controls implemented and in place for your internal trusted networks. The assessment is custom designed to analyze system platforms, routers, bridges, switches, or other network components that provide the security within your organization.

The technology review component consists of "intrusion tests" and configuration analysis to present a thorough understanding of the strengths and weaknesses of your internal network components.

The management review component consists of interviews with administrators and management and the review of documented security policies, standards and processes. This process provides the client with insight into how your organization is prepared to handle the security of your trusted networks against potential threats from insiders who get through your external security controls.

Service covers:

A review of the overall enterprise architecture to determine how effectively it isolates untested outside networks from gaining access to your internal trusted networks and systems.

A review of your internal network design to determine how effectively it isolates insiders based on their business function and need to access your organization's valuable information assets.

A review of the security design of your selected internal network security components (routers, remote access servers, bridges, etc.) to determine if any related functions could cause undesirable security exposures.

A test designed to exercise the security components within the scope of the project in an attempt to gain unauthorized access to portions of your internal trusted network. This test relates the perspectives of a trusted insider or an outsider who has penetrated your external defenses.

A comprehensive review of the security management controls covering policy, organization, personnel, asset classification and control, physical security, access control, network and computer management, business continuity, system development and maintenance, and compliance.

A report describing the strengths and weaknesses found in all areas along with recommendations for short and long term adjustments and improvements.