
Hacks on govt spawn security offering

By Martin Czernowalow, Contributor.
Johannesburg, 25 Oct 2005

In response to a recent spate of attacks on South African Web sites, testing vendor IS has designed three security testing services to help IT departments strengthen their Internet security.

The hacked sites include 17 gov.za sites, which were successfully attacked two weeks ago due to a missed patch on a newly deployed server.

It is estimated that 90% of this type of attack could be prevented.

One of the services, branded "Security Check - New Install", is designed to give the "thumbs-up" to new server deployments from a security perspective, says IS MD Barry Cribb.

"All too often new servers are deployed under the pressure of business deadlines, which can lead to simple oversights in server-build or configuration, which make them vulnerable to attack. It's not that IT staff are unaware of the vulnerabilities, but patches can be overlooked or configuration errors made.

"Security Check - New Install provides an independent double-check for such circumstances, much like having someone proofread an article before publication," Cribb explains.

Compliance embarrassments

Other services give IT managers the option to have regular checks performed on both their public-facing and internal systems, which help ensure that no nasty surprises are uncovered at the annual security audit or penetration test, Cribb states.

"Regular auditing and penetration testing is now required as part of many companies' SOX or ISO 17799 compliance and can cause embarrassment to IT departments if overlooked vulnerabilities are uncovered. These services help ensure your security is up to scratch and demonstrate adherence to best practice in the area of IT risk management.

"Regular ongoing vulnerability testing is far more beneficial and simpler to manage than a big bang approach once every 12 months. Technical staff often struggle under the load of patching and the number of configuration changes required when results are received from a once-yearly test."
