The optimal approach to security is to begin with the best design, implementation and operation of security measures possible. We can help with every step of the security plan, including thorough security testing. We have technical staff members with more than 20 years of Internet experience, including private investigators and system designers for Fortune 500 companies. Axian offers solutions that contain true security from a thorough systems approach, as opposed to a single component level.

Here is a sample of the proactive security services we offer, followed by more detailed descriptions of some services:

Environments

• Networks and network design
• Systems, workstations or products
• Wireless services
• Policy, procedures, authorization, authentication
• Risk assessment
• Audit (targeted or comprehensive) and recommendations
• Penetration testing
• System or product reviews: code reviews, writing secure code
• Training (protect your company; know what questions to ask)
• Consulting (Axian can be your security general contractor)

Description of services

Penetration testing

The goal of penetration testing is to replicate the attack vector from hostiles (hostile is the term we use for anyone attacking or disrupting your network). To analyze the network security of an enterprise, we recommend a three-phase analysis strategy:

• Phase I: Simulated external attacks
  This phase is intended to simulate the hostile's attack by utilizing publicly available data sources and network analysis tools as well as some proprietary software. While we endeavor to identify all holes in a network design at this stage, it is impractical to attempt to penetrate all possible ports under all conditions.
• Phase II: Simulated internal attacks
  By simulating a hostile employee or a successful external hostile attack, we can scan machines as a local network user. We attempt to obtain root access, plant Trojans and sniff out other passwords.
• Phase III: Implementing recommendations
  This phase may include supplying revised network and security designs, upgrading software or reconfiguring existing servers based on the recommendations of the final report.

System auditing

System auditing involves on-site or remote security and program auditing of systems. In a security audit we establish a checklist for the client's systems. Then we cross reference each machine against the checklist and follow up on any issues we find.

Software testing

Software testing utilizes various techniques to test the security and stability of a software application, server package or entire system. We report on the various vectors of attacks for the software in question. We also conduct source code testing and cryptography checking.

Database system design and integration

Axian utilizes its experience with Fortune 500 companies, government installations, banking and other security work to produce systems that are not only secure, but properly integrated for both internal and external users, especially if the external users are accessing via a Web interface.

Managed services

Axian can take the mystery out of managing security services like VPNs, firewalls, disk encryption, anti-virus, DNS servers, mail servers, proxy servers and more. Your workstations get the same protection as before, with the added benefit of being run by experts. This increases the quality of your security services and decreases employee time spent learning new systems.