Network Security Services


Hawes Technologies specializes in security and compliance Network Audits for City and County governments. Our Network Audits are designed to uncover all existing and potential threats to your Network’s Security.

No Network is ever 100% secure, yet regular, annual Network Audits that assess and evaluate everything that goes on in your Network, can greatly reduce the threats to your system.


Hawes Technologies also helps government entities create and implement policies in line with HIIPA, PCI.


Risks to Network Security


Evolving Networks

Network demands change as organizations evolve, grow and shrink. System mergers take place, and equipment & devices pass from one operational team to another, exposing Networks to many vulnerabilities.


Unsecured Network Assets

Unchecked and improperly secured hardware devices and software can be added to a company's network by anyone within the organization, often without the Network Administration's awareness.


Bring Your Own Device (BYOD)

BYOD use has increased exponentially, with over 80% of organizations now allowing employees to use personal devices to connect to corporate networks. While this provides a cost saving advantage to the employer, and a convenience for the employee, it also exposes your organization's network to major security issues.


Spear Phishing Attacks (SPAs)

SPAs are designed to infiltrate a Network and access sensitive data. Appearing to come from a trusted source, SPAs are delivered through emails that contain a link. Clicking this link usually results in the download of malware, spyware and/or Trojan Horses.


Removable Media

Removable media, such as MP3 players and USB devices can bring harmful malware into your Network System, as well as steal sensitive data out of it.


Network Upgrade & Refresh

If Networks are not updated and refreshed on a regular basis (preferably yearly), security can become compromised - Before upgrading, you will want to perform a Network Audit to access what is going on in your system. For instance:


  • Which devices are still supported by current vendors (both software and hardware),
  • Which devices to replace, and
  • Which ones to upgrade.

Network Security Services Include:


Network Penetration Testing

Tests & verifies the security of your company's IT systems, networks, perimeter security controls and web applications, and recommends safeguards to strengthen your level of protection.


Network Security Maintainance

Hawes Technologies offers proactive and scheduled maintainance for your server, storage and backup systems.


Network Audit

Identifies potential vulnerabilities within the physical network, connected servers and network devices, including:


  • Running Services: Any service that is running on a network device can be used to attack a system. A solid network security audit will help to identify all services and turn off any unnecessary ones.

  • Open Ports: A network security audit will help to identify all open ports on network devices. All unneeded ports should be closed to eliminate the possibility of being used to attack a network device.

  • Open Shares: Any open share can be exploited and should not be used unless there is some essential business purpose for it.

  • Passwords: Assessments/audits will evaluate the enterprise password policy and ensure that passwords used on the network devices meet the business password policy of password strength, frequent change, and other requirements.

  • User Accounts: During an audit, it must be determined which user accounts are no longer being used so that they can be removed or disabled. Unused user accounts allow for someone inside or outside the network to attack and take over the account or may be an indication of an already successful attack of the network.

  • Unapproved Devices: Unapproved or unknown devices such as iPods, Smart Phones and Wireless Access Points installed on your network must be detected in an audit. Any or all of these, as well as other devices, can be used to attack the network or steal data off the network.

  • Applications: The type of applications being used on a system should be identified during this process. If any dangerous applications are found running on a system, they should be removed. A network security audit would also look for software programs that run automatically because they can be an indicator of a malware infection.


Ransomware - The Fastest Growing Malware Threat


WannaCry

The recent “WannaCry” ransomware attack , that affected businesses and large institutions, including FedEx and Britian’s National Health Service, as well as many victims across Asia, is a timely reminder of why regular Network Audits are so critical.

Ransomware is a malware that takes control of systems. It prevents the user/business from accessing their data unless they pay a “ransom”.

Regular Network Audits can greatly ameliorate the devastation of insidious malware attacks like “WannaCry” by ensuring vulnerabilities within your Network are identified and addressed.


US Department of Justice Ransomware Statistics

In 2016, the US Department of Justice reported that ransomware is the fastest growing malware threat. Government statistics state that more than 4,000 ransomware attacks have occurred daily since January 1, 2016 - A 300% increase over the approximately 1,000 attacks per day seen in 2015.


Ransomeware - Threats to a City's Water Supply

Georgia Institute of Technology (GIT) researchers created a proof-of-concept ransomware that, within a simulated environment, was able to gain control of a water treatment plant and threaten to shut off the entire water supply or poison the city's water by increasing the amount of chlorine in it.

Dubbed LogicLocker, the ransomware, presented at the 2017 RSA Conference in San Francisco, allowed researchers to alter Programmable Logic Controllers (PLCs) - the tiny computers that control critical Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) infrastructure, like a power plant's or water treatment facilities.

This in turn, gave them the ability to shut valves, control the amount of chlorine in the water, and display false readouts.

Initially, ransomware targeted regular internet users; however, most recently, the threat has begun to target enterprises, educational facilities, hospitals, hotels and other businesses.


ref: Out of Control: Ransomware for Industrial Control Systems