Axian: Software consulting and training
Home Press Publications About us Contact us
Software engineering
Information systems
  Security
  More Details
 
• 
Proactive
    Reactive
    Forensics
    HIPAA
Rambunctious Digital Studios
Training and mentoring
Litigation consulting

 

 

 

Go

 

 

Preventive measures
Axian's Security Officer is an excellent security consultant and project manager. He has a well-defined process and a clear-cut plan. He is practical, responsive, prompt with client communication and available on short notice. He has great presentation skills. Though he can be very technical when necessary, he can also easily adapt to his audience's language.


--

 


Vandana Kumbla,
Project Manager
Rapidigm
 

The optimal approach to security is to begin with the best design, implementation and operation of security measures possible. We can help with every step of the security plan, including thorough security testing. We have technical staff members with more than 20 years of Internet experience, including private investigators and system designers for Fortune 500 companies. Axian offers solutions that contain true security from a thorough systems approach, as opposed to a single component level.

Here is a sample of the proactive security services we offer, followed by more detailed descriptions of some services:

Environments

  • Networks and network design
  • Systems, workstations or products
  • Wireless services
  • Policy, procedures, authorization, authentication
  • Risk assessment
  • Audit (targeted or comprehensive) and recommendations
  • Penetration testing
  • System or product reviews: code reviews, writing secure code
  • Training (protect your company; know what questions to ask)
  • Consulting (Axian can be your security general contractor)

Description of services

Penetration testing

The goal of penetration testing is to replicate the attack vector from hostiles (hostile is the term we use for anyone attacking or disrupting your network). To analyze the network security of an enterprise, we recommend a three-phase analysis strategy:

  • Phase I: Simulated external attacks
    This phase is intended to simulate the hostile's attack by utilizing publicly available data sources and network analysis tools as well as some proprietary software. While we endeavor to identify all holes in a network design at this stage, it is impractical to attempt to penetrate all possible ports under all conditions.
  • Phase II: Simulated internal attacks
    By simulating a hostile employee or a successful external hostile attack, we can scan machines as a local network user. We attempt to obtain root access, plant Trojans and sniff out other passwords.
  • Phase III: Implementing recommendations
    This phase may include supplying revised network and security designs, upgrading software or reconfiguring existing servers based on the recommendations of the final report.

System auditing

System auditing involves on-site or remote security and program auditing of systems. In a security audit we establish a checklist for the client's systems. Then we cross reference each machine against the checklist and follow up on any issues we find.

Software testing

Software testing utilizes various techniques to test the security and stability of a software application, server package or entire system. We report on the various vectors of attacks for the software in question. We also conduct source code testing and cryptography checking.

Database system design and integration

Axian utilizes its experience with Fortune 500 companies, government installations, banking and other security work to produce systems that are not only secure, but properly integrated for both internal and external users, especially if the external users are accessing via a Web interface.

Managed services

Axian can take the mystery out of managing security services like VPNs, firewalls, disk encryption, anti-virus, DNS servers, mail servers, proxy servers and more. Your workstations get the same protection as before, with the added benefit of being run by experts. This increases the quality of your security services and decreases employee time spent learning new systems.