Security Services

Tool Scanning

  • ▪ The tool evaluation section will be conducted using network-based, host based, and database based scanning software.

Manual Baseline Assessment

  • ▪ The manual baseline assessment is conducted by experienced security experts. With authorization and supervision from relevant personnel, the experts perform the following checks on the server system:
1. Confirming previous system compromises – Investigating potential security breaches to detect if the system has been hacked before.
2. Checking for backdoors – Identifying any unauthorized access points that might have been set up by attackers.
3. System patching – Ensuring all system patches are up to date to close vulnerabilities.
4. System account review – Verifying account configurations and permissions to prevent unauthorized access.
5. File system integrity – Inspecting the file system for potential threats, unauthorized modifications, or inconsistencies.
6. Network and services examination – Ensuring network configurations and services are secure and free from vulnerabilities.
7. System configuration files – Reviewing configuration files for misconfigurations that could lead to security issues.
8. NFS or file system sharing checks – Identifying improper file sharing settings, such as open NFS shares, which could expose data.
9. Audit and log analysis – Reviewing system logs for any suspicious activity or irregularities.
10. System backup and recovery evaluation – Ensuring that proper backups exist and recovery mechanisms are in place in case of failure or attack.
11. Application system review – Verifying the security of installed applications and checking for vulnerabilities.

Penetration Test

  • ▪ To understand the security status of the host system, penetration testing will be conducted within the scope of permission and control.

Management Audit

  • ▪ As part of the security assessment, the strategy evaluation will identify and analyze weaknesses in the client’s strategy document, providing a clear view of the current security strategy’s strengths and areas for improvement.

Application Audit

  • ▪ Covers business processes, application software security features, security assurances, and other related aspects.

Risk assessment results

  • List and analysis results of information assets: Clearly define the enterprise's system and network information assets, clarify their security goals for confidentiality, integrity, and availability, and determine the important categories of assets; If necessary, an internal information asset database can be established within the enterprise;
  • System and Network Vulnerability Report: Identify potential vulnerabilities in server systems, network devices, network structures, and security equipment;
  • System and Network Vulnerability Report: dentify potential vulnerabilities in server systems, network devices, network structures, and security equipment;
  • System and Network Threat Report: Analyze the current potential threats based on existing weaknesses, and the impact on business, systems, and networks after the threat occurs;
  • Security Status Report: A comprehensive analysis report based on risk, clarifying the current network security risks;
  • Suggested security measures: From a technical and management perspective, propose security controls throughout the entire lifecycle of the system (planning, design, construction, implementation, operation, and improvement).