Who
What
When
Where
Why
How

 
Home

Why? Because we like you.

There's security and there's security. You have all your operating system patches laid on. Your anti-virus ware is up to date. Gee golly, you even have a late-dated backup! Sounds like you're covered.

But what's this? All of the sudden your bandwidth usage is through the roof, and it's not because your website was Slashdotted. In fact your website can't get a word in edgewise. Your mail is dragging, your browsers are choking and your ethernet switches are lit up like Christmas trees. Is your database being raided? Are your engineering drawings going out the window? Or does someone merely dislike you enough to launch a denial-of-service attack?

An effective attack takes information beyond the simple how-tos of launching the daemons. The attacker is constantly seeking to learn more about your company. How is your network laid out? Who maintains the servers? Who made your routers? What webserver are you running? What database backend?

We know you haven't gone out and advertised these things, of course. Or have you?

Knowledge is power. A little bit of knowledge is still a little bit of power. Your opponent can bank that power like charging up a battery. Soon he'll know the names of all your executives' assistants. And their phone numbers. Maybe everyone's phone number. Certainly a good idea of how your phone system works. He'll know the IP addresses of all your servers, and which machine is used for what. He will have mapped all the ports of your firewall. He will have found that FTP server one of your engineers set up so he could do some work from home.

(Remember the proprietary I2O bus standard? It became non-proprietary very quickly when someone discovered it on an insecure anonymous FTP server! They had made themselves an extra-juicy target, too, because they wanted the Linux community to sign NDAs before releasing the specs. Linux is an open system, you see, and those folks would rather poison their mothers than sign an NDA. Suddenly hundreds of unhappy hackers were poking around. And now Linux supports the I2O bus!)

We'll take a look at your systems and your network. Then we'll take a look at the data you're sharing with the world. Intentionally or unintentionally. What's hidden in your web pages? What are your employees talking about in their forms? Do you really need your entire employee phone directory online? What does Google know about you?

We'll take a look at these things and take a look at your company like your opponents would. We'll give you an assessment and some recommendations that will help you make good decisions about your security needs, policies and procedures.

Why? Because we like you!

©2011 29 Random Numbers, Ltd.