packages

PROFESSIONAL SERIES OF BUNDLED SERVICES

These are some concise, focused packages provided by the security team. Each package can be a stand-alone service sold to a client, or can be combined to provide a greater range of services for the client. For example, a client might wish to purchase both the Professional System Audit and Professional System Armor Installation. Each package is also designed to be sold on a per host basis, again with the option of discounting volume purchases. Services not listed within the following packages would be considered custom services, and would be billed at the hourly rate.

I. Professional Firewall Installation

As part of the Security Infrastructure Design key area, our security team will plan, develop, and implement a Firewall to protect the client's network. This package combines the following services:
- Level One External Network audit
- Disksuite disk mirroring (for high availability of the firewall host)
- Installation and configuration of the Firewall-1 software
- Post installation Level One External Network audit
Click here to download a contract in Word97 format.

II. Professional System Audit (per system charge)

As part of the Networks and System Audits key area, our security team will audit the clients high-end servers. This package is a Level One (non-intrusive) or Level Two (intrusive) audit of one system, and includes the following:
- Password integrity check (Crack, etc.)
- Network trust relationship check (SATAN, strobe, etc.)
- System integrity check (COPS, ISS, etc.)
- System weakness exploitation tests
- Results documented
Click here to download a contract in Word97 format.

III. Professional System Armor Installation

As part of the System and Network Armorers key area, our security team will secure high-end servers. This package contains the following steps:
- Level One audit (non-intrusive)
- Securing inetd-based services (review necessary services, disable the
rest, setup logging of inetd)
- Installation of the TCP wrappers package
- Logging of failed login attempts
- Configuration of /etc/ftpusers
- Scan for setuid and setgid programs, note all such programs
- sendmail security configuration (smrsh, spam protection)
Click here to download a contract in Word97 format.

IV. Professional Network Armor Installation

As part of the System and Network Armorers key area, our security team will secure the client's network. This package includes the following tasks:
- Level One audit (non-intrusive)
- Router ACL configuration and testing
- WAN link encryption (Cylink, etc.)
- VPN configuration
Click here to download a contract in Word97 format.

V. Professional System Backup Installation

As part of the Disaster Recovery key area, our security team will develop and implement a backup solution. This package combines the following services:
- Backup and recovery audit (software, hardware, procedures)
- Backup and recovery procedure creation
- Configuration of backup hardware
- Installation and configuration of backup software (Legato)
- Post installation audit and verification
Click here to download a contract in Word97 format.

Definition of a Level One Audit

- Non-intrusive

- Discovery of potential weaknesses

- Ascertain current state of system or network

- Analogy: "A burglar casing the house, turning door knobs, checking for alarm systems."

Definition of a Level Two Audit
- Intrusive
- Attempt to exploit discovered weaknesses
- Analogy: "A burglar disables the alarm, breaks a window, gets inside."

Return to Information Security