Comprehensive security audits of networks and systems
We can provide a comprehensive system audit that includes
the following and correct any problems or recommend changes:
Most Linux systems have a wealth of software installed and
running. Many of these are considered insecure. We identify
and remove unneeded services, greatly reducing the likelihood
of a break-in. Frequently clients do not even realize that
they are running insecure yet unused services. This is because
all popular Linux distributions install these services automatically
without even warning you about the security dangers.
Is your system being used to crack another system? One customer
recently received a call from a foreign government as the
customer's compromised systems were being used to attack
that government's computers. We offer egress filtering when
we install Firewalls. This prevents any of your compromised
systems from being used to attack other organizations or
other parts of your organization.
Many cracker tools include programs that listen on a known
port for commands from the cracker. Their existence is usually
masked by installing Trojaned system commands like 'inetd',
'ps', and 'netstat'. The tools we use for detecting services
running are of our own design and construction, and have
gone through several security audits done by outside auditors.
They will find the Trojans.
We can scan your network the way the crackers do. The quick
non-destructive procedure will determine what they can see
and therefore attack. We can also do a more in-depth scan
that will analyze for old versions of servers and operating
systems including Windows, Linux, Macs and Unix. Most clients
are shocked by what is accessible from the Internet and how
vulnerable they are. This is
point for securing the network and making non-servers invisible.
We check all files on your systems for incorrect permissions
and ownership that will allow unauthorized access to your
system or viewing or changing of confidential data. Even
a standard install from a recent Linux distribution will
have files with incorrect permissions.
Many Linux and Unix systems are compromised because they
are running software that have known exploits. Is your software
current? Horizon is familiar with all popular versions of
Linux and is an active member in the security community.
We wear white hats. Our audit includes an extensive review
of your distribution and can apply any and all security related
patches and upgrades, with your permission, of course.
Services dispersal and configuration for better security
Some services are more likely to be broken into than others.
Running these services on the same system with other services
that are more critical or which involve confidential or important
data risks these other services being compromised too. Moving
these "risky" services to different systems will
protect the other services against compromise. Sometimes
all that is required is minor configuration changes to existing
systems to protect against this compromise "domino" effect.
Our familiarity with the wealth of Linux distributions available
has allowed us to develop kits that quickly match file sizes
and checksums of key system commands to determine if they
have been compromised by a system cracker.
A common cracker technique is to install Trojaned system
commands that send sensitive data to the cracker, or mask
the existence of cracker tools.
While Linux does not suffer the vast security problems that
plague Windows (TM) systems, it is not immune. The first
high profile worm was developed on Unix systems and replicated
through the mail system. The Raman Linux worm has
attacked Red Hat systems, causing web servers
to be defaced and made useless until repaired.
Is your system secure? A few minutes of detection each day
can save you hours of reconstructive work and embarrassing
publicity later. Horizon Network Security can help you choose
and install the right solution for your requirements.
Web Script Analysis
Many exploits of web sites are facilitated through insecure
web scripts. The staff at Horizon Network Security
will examine your scripts for vulnerabilities. In addition
to the C and C++ programming languages, we have expertise
in Java, Perl, PHP, Python, Shell and several other popular
suitable for executive-level viewing