When it comes to security, there are many different aspects that help provide and create a secure computing environment. Rhapsody Solutions specialize in auditing computer networks to help make you aware of all the possible vulnerabilities that may be present in your environment. After identifying these problems, we can develop a remediation plan that helps secure these problems and contain your valuable information that may be compromised under your current configuration. Rhapsody Solutions uses state of the art tools to not only find these problems but, help solve them as well. We can develop a network wide security plan that once implemented, will give you the piece of mind you need.
Rhapsody Solutions supports and works with all leading hardware and software solutions to provide you the best overall approach to your security needs. We are vendor independent so we will never just push a product to solve your problems. You can be assured our goal is to provide you the solution that is right for your circumstance.
Rhapsody divides security into five service areas:
Network Architecture Review
Assesses network infrastructure design and configuration for deficiencies that would expose the organization to risk. A Network Architecture Review engagement is focused on the architecture of the network, with an emphasis on identifying and analyzing the effectiveness of security controls present in the network. The objective of a Network Architecture Review is to analyze the effectiveness of network security controls, identify weaknesses, and make recommendations for improving the security posture of the network.
Platform Vulnerability Assessment
We assess an organization's information technology infrastructure for device and service vulnerabilities resulting from unpatched or misconfigured services. This assessment is focused on layers 2-4 of the OSI model, and can help an organization identify potential attack targets, or devices and services which may expose an organization to unacceptable risk. Platform Vulnerability Assessments can also help an organization identify devices or services which are not configured according to the organization's standards, have unauthorized services running, or may have already been the target of an attack. Assessments can be conducted from either an external (Internet-based) or internal perspective. The duration of a Platform Vulnerability Assessment depends on the number of devices in the scope.
Web Application Security Assessment
Assesses the security of custom -developed or off-the-shelf web applications. The review consists of a Platform Vulnerability Assessment of the supporting infrastructure and functional security testing of the application. Functional security testing involves accessing the web application from an authenticated user's perspective. The goal of a Web Application Security Assessment is to ensure security controls in the application can not be subverted. A typical Web Application Security Assessment tests the target web application for common problems resulting from input validation problems such as Cross Site Scripting and SQL Injection, as well as more subtle problems such as authentication and authorization defects and session management flaws. Rhapsody uses a variety of automated and manual testing techniques to thoroughly test the target application. Web Application Security Assessments are focused on layers 3-7 of the OSI model. The duration of this assessment depends on the size and complexity of the application and the number of user roles which are in scope for the assessment.
Penetration Testing
Assesses the effectiveness of the organization's security posture against a targeted and motivated attack. Penetration testing is a more acute and higher-intensity assessment that simulates a targeted real-world attack by motivated threat agents. Penetration testing is most beneficial to an organization which has already undergone some amount of Platform Vulnerability Assessment, and is seeking to validate controls put in place to mitigate risk. Penetration testing may include testing controls at layers 1-7 of the OSI model, depending on the scope of the engagement. Penetration testing begins similarly to a Platform Vulnerability Assessment, but vulnerabilities may be exploited in order to gain additional access to the network or devices. The duration of a Penetration Testing engagement depends on the objectives of the test, and the number of devices in scope.
Wireless Vulnerability Assessment
Assesses the security posture of an organization's wireless network. A Wireless Vulnerability Assessment provides an organization validation of current security controls protecting the wireless network, and provides a point in time assessment of the risks posed by the wireless network. A Wireless Vulnerability Assessment will help an organization identify potential risks due to unauthorized access to the wireless network, unauthorized monitoring of wireless communications and other wireless vulnerabilities. Recommendations for improving the security of the wireless network will be identified in the final deliverables. A Wireless Vulnerability Assessment engagement will focus on layers 1-4 of the OSI model. All components of the wireless system are examined including: wireless access points, client configuration, and supporting infrastructure such as authentication servers, and access control devices. The duration of a Wireless Vulnerability Assessment depends on the scope of the engagement and size of the wireless network deployment.
Deliverables
Rhapsody Solutions will present the results of the assessment to the client via highly detailed reports of findings. The report of findings includes details of the findings, impacts, risks, and recommendations. Rhapsody's Assessment Reports communicate to each level of management; executives, business owners, developers and operations staff. Additionally, Rhapsody consultants are available for knowledge transfer to ensure that all findings and recommendations are clearly communicated.
