ISR Computing -

Information Security Practice

Comprehensive Application and Network Security Verification

Comprehensive verification is appropriate for Internet-facing or intranet applications that are critical to the business, provide special functions, or that process sensitive information.

ISR Computing has evolved a unique hybrid verification methodology that has proven efficient and cost-effective across a diverse range of applications and industry sectors. Our reviews are efficient because we've integrated code review with automated code analysis, vulnerability scanning, and application penetration testing to allow us to use the most effective technique possible.

Our comprehensive verification uses this hybrid verification approach, combining the strengths of automated scanning, manual code review, and manual penetration testing. This approach makes our reviews more comprehensive and more accurate than any other approach. Our state-of-the-art application security analysis, testing, and reporting workbench allows us to keep costs down while providing very high quality.

ISR Computing has unparalleled experience verifying the security of the code for complex enterprise applications. Over many years, we have tuned our process to be extremely efficient and effective. ISR Computing has deep experience with virtually all modern software environments and frameworks, including Java, .NET, C/C++, ASP, ColdFusion, Oracle, Struts, Spring, Ajax, RIA, and many more.

In some cases, access to the source code or the running application is not possible. We can still verify these applications using the available techniques, and the cost is the same. If you didn't develop the code yourself, we are happy to work with your software provider.

The comprehensive verification provides evidence that all the major security controls are in place and that they have been used properly throughout the application, including authentication, access control, input validation, output escaping, encryption, data protection, error handling, logging, and back-end communications. In addition, we satisfy the PCI DSS compliance application security requirements.

ISR Computing's reports include a strategic executive summary, a clear scorecard, and detailed findings that can serve as evidence of application security due diligence and compliance. Each finding includes a full description of the risk, including the likelihood and impact of a successful exploit to the business. We also detail the procedure for reproducing the finding, as well as a detailed description of how to remediate the issue.

Our services include:

• Code Review
• Penetration Testing
• Threat Modeling
• Automated Security Testing
• Vulnerability Scanning

Go to top

Cisco Security Network Admission Control Implementation Service

The Cisco Network Access Control (NAC) solution uses your network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Organizations using NAC can allow network access only to compliant and trusted endpoint devices (PCs and servers, for example) and can restrict the access of noncompliant or unmanaged devices. By integrating policy enforcement and access-control capabilities throughout the network, NAC can limit exposure to devices that can compromise the security and operation of the network.

To implement NAC successfully, your organization must carefully plan, deploy, and configure NAC to work with your existing infrastructure. As part of the implement phase of the Cisco Lifecycle Services approach, the Cisco Security Network Admission Control Implementation Service, designed for large enterprises, provides expert advice from skilled ISR Computing security engineers to help ensure a successful Cisco NAC implementation. The service provides rigorous requirements planning, design, and implementation consulting—essential to deploying an effective NAC solution that reduces the risk of noncompliant hosts obtaining access to your network.

NAC readiness assessment

ISR Computing network engineers analyze NAC deployment requirements and assess the readiness of your organization’s network devices, operations, and architecture to support the NAC solution. In addition to identifying components that do not support NAC capabilities, security engineers determine if your network topology supports a scaled deployment and deliver an impact analysis detailing requirements for redundancy, scalability, and hardware and software upgrades. Detailed requirements are provided for:

• Appliance-based and architecture-based framework approaches to NAC
• Endpoint security software, including Cisco Security Agent, Cisco Trust Agent, and antivirus software
• The Cisco NAC Appliance
• Network router and switch devices with NAC capabilities
• Cisco Secure Access Control Server (ACS)
• Cisco VPN 3000 Series Concentrators

NAC pilot deployment

ISR Computing network security engineers install and configure a pilot deployment solution, allowing your IT staff to test and gain experience with the NAC solution. This limited deployment can be deployed in a lab, production environment such as a branch office, or for VPN users. The service includes configuration, maintenance, and support documentation for NAC components.

NAC design development

ISR Computing consultants assist in developing a detailed design for integrating NAC into your network infrastructure. Working with your IT staff, design engineers develop the overall strategy and plan for the NAC solution, providing an in-depth analysis of the technical, procedural, and resource requirements for a corporatewide deployment. ISR Computing consultants also provide a design specification that defines the network topology and configuration recommendations for network access devices, Cisco Secure ACS, management software, endpoint software such as the Cisco Security Agent, and antivirus technology.

NAC implementation engineering

The Cisco NAC solution must be carefully deployed, configured, and integrated into your network infrastructure, so ISR Computing security engineers support your team through a full-scale implementation. ISR Computing consultants work with your IT staff to develop detailed deployment plans, including installation, configuration, integration, and management. After the plans are completed, ISR Computing security engineers deliver onsite support for installation, configuration, testing, and tuning to help ensure the deployment integrates smoothly into the production environment.

Cisco Security Network Admission Control Implementation Activities, Methodology,and Deliverables

Conduct a design workshop to gather business, technical, and operational requirements

• Analyze NAC deployment goals, objectives, and requirements
• Analyze the impact of integrating NAC with existing IT infrastructure, software operations, and security management procedures
• Assess your network’s readiness to deploy the solution, including the current IT infrastructure, security devices, software operations, and security management procedures
• Jointly define the architectural, topological, and functional requirements for the solution
• Develop a detailed design of the system, including network diagrams and sample software configurations for protocols, policies, and features
• Specify hardware and software requirements, including Cisco security management tools
• Develop an implementation strategy and plan that details the requirements for solution deployment, integration, and management
• Develop the solution testing, installation, integration, management, and maintenance plans
• Provide support for custom installation, configuration, testing, tuning, and integration of the solution for a limited or corporatewide deployment

Provide staff with practical education on the operation and management of the solution

Methodology

• Conduct a kick-off meeting to identify the business objectives for the project, introduce the implementation team, and review major implementation tasks and milestones
• Conduct a design workshop to gather business, technical, and operational requirements
• Assess network readiness to support NAC and document findings and recommendations
• Develop a NAC deployment plan
• Develop a NAC design specification
• Perform custom implementation, configuration, and integration of the Cisco NAC solution
• Document NAC operational policies, tuning, and operational procedures
• Deliver maintenance and support documentation
• Present an executive summary of the Cisco NAC implementation methodology and production deployment

Deliverables

A detailed Cisco NAC Network Readiness Assessment Report with analysis, findings, and recommendations

• A Cisco NAC Design Specification with detailed network diagrams and sample configurations for NAC components
• An optimized Cisco NAC implementation in a production environment

Service Benefits

With the Cisco Security Network Admission Control Implementation Service, your organization can:

• Limit damage due to virus, worm, and spyware outbreaks: Design and deploy a NAC implementation that helps ensure that all hosts comply with the latest corporate antivirus, endpoint security, and operating system patch policies
• Increase the value of your network and antivirus investment: Help ensure that the NAC solution increases the value of your investment in network infrastructure, access control, endpoint security, and antivirus technology
• Increase your network administration and IT staff productivity: Help enable the deployment of a systematic, integrated NAC solution that allows your IT staff to enforce host compliance policies and procedures
• Reduce your implementation and migration times: Avoid costly mistakes and decrease the need for expensive rework of your network infrastructure to support the new solution
• Reduce your total cost of network ownership: Help enable NAC capabilities and prepare for future NAC integration and deployment initiatives