Network and Communication Security
The internal and external business of most enterprises depends directly
on intact networks and communication connections with sufficiently
dimensioned and effective security precautions. Access to the internet
and the use of the services offered via the internet require
protection devices such as firewalls or virtual private networks (VPN).
Their installation and operation should be based upon security concepts
and appropriate security policies. SRC creates customised concepts for
the enterprise's IT infrastructures and analyses whether the security
components in use operate correctly. By means of an individual
risk analysis we examine which kind of protection is required and
whether this is already covered. Additionally, we check whether gaps exist
within the protection already in use and which risks they might cause.
For risks classified as unacceptable, technical or
organisational measures are designed and defined in a security concept.
The consulting range of SRC in the field of network and communication
security comprises the following issues:
- consulting according to the model of the IT-Grundschutz Manual (BSI), or the ISO 27000 series,
- determination of protection needs of existing IT-infrastructures,
- finding risks from threats and weak points that result
from the current configuration of security components such as firewalls
and VPN,
- assessment of risks by potential amount of damage and probability of occurrence,
- revealing vulnerabilities and threats of the network
infrastructure and the system components in use (e.g. LANs, WLANs,
routers, firewalls, PCs, notebooks, server operating systems, software),
- regular auditing of systems and infrastructures by penetration tests (on and off site) and other attacks (Ethical Hacking),
- planning of the architecture, the configuration and the
operation of security systems as well as of appropriate business
processes in the enterprise (security policies) in the context of the
creation of a company-wide security policy,
- advice on the implementation of security concepts, in
particular on product selection, configuration and migration
into a new environment,
- forensic analysis: data collection, data investigation and
data evaluation for the production of evidence usable in court, e.g. log
file analysis.
SRC has developed the Balanced Information Security Concept to define
security risks, security policies and security infrastructures on the
basis of best practice methods and to realise an IT security management
system based on this.