A manufacturing firm based in Ahmedabad, India engaged ECS Biztech to carry out a comprehensive security assessment of its infrastructure and web applications. The assessment involved reviewing its controls, security infrastructure and application security practices.
Task Detail | IT Audit of manufacturing company |
Industry Vertical | Manufacturing Mechanical Parts |
Location | Ahmedabad (India) |
Time to Solution | 25 Days |
Salient Challenges (Findings)
- During the security assessment, critical vulnerabilities affecting system and data availability were discovered, which could potentially lead to the compromise of the organization's entire IT infrastructure.
- Due to the non-compliant design shown in their Network Structure Diagram, network security threats were very high. This critical design issue could put the whole system in jeopardy.
- During the manual configuration check of firewall policies, the policy rule-set was found to be quite messy. The IT head could not manage a proper policy set because policy-setting permission had been given to more IT staff than needed.
- Major issues were identified, such as an external attacker being able to break into the firewalls through remote access using an easily obtained public IP, and an outside attacker being able to breach the company's CCTV footage. These could expose the whole system to a crucial threat.
Solutions (including our services)
- ECS started work with a kick-off meeting with management, explaining the importance of the VAPT audit service and how it is executed.
- Another two rounds of in-person audit visits were made to their campus to check security processes at critical points, such as entry into IT data centers, password schemes and the Network Diagram.
- IT staff were interviewed during this time to learn which security management processes were being followed and which were not.
- A detailed penetration test was performed to exploit vulnerabilities in the technology infrastructure found during the external scanning of various IPs.
- For the disordered Network Diagram and messy firewall policy rule-set, an entirely new design and new policy setup rules were suggested, and ECS helped to implement them as well.
- A VAPT report was created with proof of concept demonstrating the exploitation of various vulnerabilities found as an outcome of the scanning test.
- A detailed, complete VAPT audit report was prepared, covering areas that failed with non-compliance, areas that exhibited adequate security and process adherence, and areas that were intact.
Results
- The firm’s IT head and management were quite happy that the audit report gave them advance warning of possible future cyber threats against the network, the firewall and the whole system.
- The newly suggested Network Diagram is properly designed according to the rules, so it can now manage traffic better than the company’s previous Network Diagram.
- Advice was given on managing the policy rule-set properly under our experts’ guidelines, which resulted in easy, clear, simple yet stronger firewall rules that are now managed only by the proper authorities of the firm.
Benefits with ECS
- Asset management and classification
- Internal policy compliance
- Legal compliance
- Business continuity management
Conclusion
ECS performed a detailed internal and external audit, including a configuration audit of network security devices (firewall, network switches, Wi-Fi), the server farm and storage. Based on the audit results, ECS recommended various solutions that helped the client improve its policy setup rules, mitigate the vulnerabilities, harden the configurations and update the Network Diagram to match industry standards as per our guidelines.