Security Consulting
Setting up a corporate network is a difficult task to do correctly. While it is easy to find IT professionals who can get the job done, they are often not adequately trained in security. And since managers can't tell if a system is secure, workers who are security-aware sometimes willfully choose to cut corners in order to meet deadlines. These are serious risks to all organizations that, unfortunately, are only handled after a serious security incident has occurred.
In order for a network to be secure, all of its components must not only begin in a secure state, but they must also be properly maintained over time. This means all system designs and maintenance plans must closely adhere to the best practices in systems administration. Positron Security has a proven track record for reviewing procedures to ensure systems have been installed properly and that they are kept up to date in a safe and effective manner.
Positron Security is also experienced in user training. Although there are many weak points in deployed technologies, the weakest link is often the end user. Without the proper knowledge, users choose guessable passwords, install spyware, and trust third parties inappropriately. While some organizations focus on the security of their servers, they almost always tend to neglect their people. Positron Security excels in teaching advanced concepts to everyday people, regardless of their technical ability. We can ensure that your people are comfortable working with your organization's security, and not against it.
To illustrate our abilities, here is a list of recent configurations and procedures completed for clients:
- Performed forensics to determine unauthorized access.
- Constructed SSH tunnel infrastructure to connect to MySQL/PostgreSQL databases and Subversion repositories.
- Designed SELinux policies for Apache to ensure web scripts were not vulnerable to SQL injection, XSS attacks, etc.
- Examined necessary network services and shut down those that were unneeded.
- Restricted Linux system accounts to SFTP-only.
- Reviewed user requirements to restrict account access to minimum levels.
- Implemented SSL-protected sites with a good balance between cipher strength and server performance.