Security Audit & Review

It is generally recommended by security professionals that security audits be performed on a routine basis. Our recommendation is to run these audits quarterly, or after any code/configuration changes such as deploying a new application/API version.

External Audit

During an external audit Edoceo will review the Internet-facing side of the operation, that is, external IPs from offices, co-location and in some cases homes. These systems are put through a series of tests (over 23,000) to ensure that they are not exposing more services than necessary.

  • Network Scanning
  • Service Identification
  • Well Known Site Paths (phpMyAdmin, Drupal, Joomla, &c)
  • Undesirable Open Ports
  • Insecure Services (when SSL Options Exist)

The audit report from this system produces significant information, collecting details such as the services and versions visible, well-known site directories, server configuration exposure and web-application vulnerabilities.

Tools used include OpenVAS, arachni, dirb, wapiti, nikto, nmap, our own custos and many more.

Internal Audit

Customers who desire a more in-depth review of their security, both as configuration and as policy/procedure, can opt in to an internal audit. During this process we check for numerous "best-practice" recommendations and review the existing controls in place. Some items that are reviewed include, but are not limited to:

  • Most Recent Computer Operating Systems and Updates
  • Update Review and Deployment Policy/Procedures
  • Password Age and Complexity Policy
  • Adequate Change Order Logging

Security must be the primary concern of any financial institution. Encryption or decryption of data is a quick small step to secure your data against theft. These systems are inexpensive compared to losing customer data, efficient, and can often be implemented in place. Edoceo specializes in providing the highest levels of encryption for data storage or active systems with proven technology that doubles or quadruples the minimum levels required by the FDIC.