Security Assessments

Darhaas Global Services International assessment methodology is focused on discovering weaknesses in security mechanisms employed by the client that protect the information contained within their network. The assessment process identifies inconsistencies between corporate security policy and deployed information security controls. Assessments are applicable to any situation where information is shared and should be protected from unauthorized access.

The Darhaas Global Services International assessment team will analyze client-implemented security controls, attempting to gain access to the client network by bypassing the deployed access control mechanisms. Auditing, data integrity, access control, identification and other security controls will be analyzed and verified. Typical assessments are performed in any high-risk and high-value environments such as Internet communications, financial transactions, exchange of medical data and many others. The result of the assessment is a detailed report on the security status of the system audited.

Network and Application Security Design

Design of robust security solutions can, in most cases, be approached by consideration of these basic principles:

• Verification of user’s identity
• Access control to the protected data
• Protection of privacy and integrity of the data transfer
• Auditing of user activity and monitoring of abuse
• Matching redundancy requirements of the protected application
• Adherence to client’s security policy standards

During the design process, our engineers consider the following crucial characteristics of the client environment:

• Value of the information protected
• Environment in which the transactions occur
• Client’s security policy guidelines
• End user computing environment
• Strategic technology direction of the client’s environment
• Client’s budgetary goals for the security solution

Security Policy Development

The purpose of security policy development is to establish an overall framework for protecting client’s valuable data resources. In developing a client’s security policy, Darhaas Global Services International pays a great deal of attention to understanding client’s organization’s business and IT objectives. There is a multitude of issues we consider when designing a security policy:

• Personnel that should be involved in the review and development process
• Resources that should be protected
• Value classification of your assets
• Risk analysis and entities clients which clients wish to protect data
• Internal IT infrastructure
• Internal and external connectivity
• Mobile computing requirements and methods
• Auditing and accountability
• Incident definitions and response procedures
• Business continuity
• Implementation Services

Darhaas Global Services International provides implementation services in following areas:

• Firewalls
• Site-to-site VPN’s
• High Availability/Load Balancing
• Internet access redundancy
• Strong Authentication
• Host and Network Intrusion Detection
• VPN remote access
• Content Verification