Security health evaluation provides recommendations on information security based on an overall review of multiple integrated security service items, in order to implement technical control measures and upgrade the security protection of networks, information systems and personal computers. There are seven major evaluation items:
| Evaluation Items | Description |
| --- | --- |
| Network structure review | - Discuss the structure, equipment deployment, redundancy approach, firewall rules and host deployment<br>- Discover weaknesses in the structure and firewall rules and inappropriate host deployment, and provide enhancement recommendations |
| Wired network malicious activity review - packet sniffing and analysis | - Duplicate the traffic to the packet sniffing system via the switch<br>- Retrieve the packet sniffing records to conduct connection analysis<br>- Point out unusual incidents on network equipment (such as abnormal relay connections) |
| Wired network malicious activity review - network equipment log file analysis | - Use tools to collect the logs of network equipment, and analyze the suspicious programs and related records discovered<br>- Analyze and filter internal computers or equipment to see if there is any abnormal external connection<br>- Identify the usage and purpose of computers or equipment with abnormal connections |
| User end computer review | - Check for malware and review updates on user computers<br>- Dispatch detection tools through AD to check the hosts, and collect the resulting logs<br>- Run the tools directly if they are not dispatched through AD<br>- List the high-risk computers found and provide improvement recommendations<br>- Assist in delivering suspicious programs to antivirus suppliers so that they can produce a remedy |
| Server host review | - Check for malware and review updates on server hosts<br>- Dispatch detection tools through AD to check the hosts, and collect the resulting logs<br>- Run the tools directly if they are not dispatched through AD<br>- List the high-risk computers found and provide improvement recommendations<br>- Assist in delivering suspicious programs to antivirus suppliers so that they can produce a remedy |
| Security configuration review - configuration of AD server group policy | Review the password setting and account lock policies of groups in the directory server, such as the “Password Setting Policy” and “Account Lock Policy” configurations in the Group Policy of the AD server. |
| Security configuration review - configuration of firewall connection | Review the firewall's connection rules (such as external network to internal network, internal network to external network, and internal network to internal network) to see if there is any security vulnerability, and assess the appropriateness of communication between source and destination IPs and ports. |