Context has developed a suite of services designed to improve the effectiveness and reduce the cost of internal infrastructure testing. Internal testing is usually conducted at a client’s premises and is scenario and risk-based, examining, for example, the potential consequences of a rogue employer or contractor carrying out malicious activities. It can include reviews of standard desktop or laptop security, as well as assessments of content security or of virtual local area networks (VLANs) and of VoIP, mobile and wireless networks and applications. We are also able to carry out system build and configuration reviews and network device configuration audits.
If a corporate mobile phone is lost, what can the finder obtain from it? Many corporate phones have access to email, as well as potentially confidential notes or even contacts. We help our customers consider the risks that deploying a mobile solution may carry, and ensure that they take adequate steps to prevent a mobile phone being compromised.
We have undertaken many such projects for clients, including iPhone reviews, and configuration reviews for a Blackberry Enterprise Server. We also have an in-depth understanding of 2.5G (GSM)/3G(UMTS) networks.
Voice over IP (VoIP) networks can fall victim to the same security risks that threaten data networks, so Context always recommends thorough and rigorous security testing of any VoIP network. These tests include a reconnaissance exercise to determine which protocols are in use; examination of all types of VoIP handsets in use within the network, together with voice servers and border protection systems; network sniffing, to collect VoIP calls then replay them in an audio format; assessment of the potential to use the network for a denial of service (DoS) attack; and packet analysis to assess authentication mechanisms.
Context has comprehensive experience of security testing for wireless technologies, a common source of security problems. Here, vulnerabilities may be created in a variety of unexpected ways. For example, staff may install –possibly for illicit but not necessarily malicious purposes – unauthorised, inadequately secured wireless devices that bypass existing security measures or corporate internet usage policies. This may then create a point of entry for malicious attacks. Our expertise helps ensure that clients are able to identify and resolve these kinds of issues. We have particular experience in testing, and finding significant vulnerabilities, in large enterprise wireless deployments which utilise enterprise grade authentication and encryption standards.