Protecting business critical IT

Marathon’s Firewall Security Testing Service is designed to ensure that Firewalls have been installed and configured with appropriate port security is in place. The service is also designed to minimise the risk of intrusion attempts or unauthorised access to internal IT systems.

The service is an important part of ‘Firewall Lifecycle management’ and is used to ratify security from the initial installation and throughout the lifetime of the device. The scope of the service is to conduct regular network perimeter device exploration and security audits.

Reports are delivered using secure emails and the information gathered by the service includes:

  • Which Firewall ports are open and why
  • A ports table (lists the port number and protocol, service name, and state)
  • Software version details (for vulnerability management)
  • Supported IP protocols
  • Reverse DNS names
  • Device types
  • MAC addresses
  • Script Scanning

The service scales from devices with a single IP address through to 10 IPs for larger implementations in a corporate environment.


 

What are the benefits?

  • Minimise the risks associated with new technology implementation
  • Have confidence that your IT security perimeter devices are regularly analysed for potential weaknesses
  • The service is unobtrusive and stealthy to ensure that business impact is kept to a minimum
  • The service can be delivered as a one off test following the initial equipment installation or as a quarterly Firewall Health Check service.
  • Reports highlight any changes that have been made or risks that have been introduced by those changes since the last Health Check service

Optional Extras

  • Firewall configuration and installation Service
  • Hardware maintenance
  • Remedial action following the Firewall Security Test
  • Penetration Testing
  • Vulnerability Scanning
  • Internal NAT translation and analysis
  • High Availability testing for dual devices etc.
 
 
 
 

 

Penetration testing

Marathon provide full Penetration testing which will include an ethical and authorised, attempted external attack, on a computer system, with the intention of finding security weaknesses, which could lead to gaining unauthorised access to systems and data.

Marathon conduct Penetration tests using the "informed" testing method. This means, we will sign a non-disclosure agreement with your organisation to enable you to give us details of your firewall solution (the overall design, the IP addresses, etc.). We are then able to run penetration tests against your firewall defence, using exploits appropriate to the devices and products in use. Every test is carried out by a highly trained security professional.

Reporting

Marathon deliver a concise, plain-English summary of any vulnerabilities we find including their severity and potential impact on your organisation. The report also provides recommendations on how to mitigate risks and carry out remedial actions to resolve potential threats.

What's next?

We need to conduct a scoping call to understand the attack surface that we are testing and the objectives for the test. Once complete we can produce a scope of work for you to approve and normally conduct the test within a few days.

 

 

 

What are the benefits?

  • Running regular penetration tests gives your clients and partners confidence in that you are taking proactive measures to ensure the security of data and IT systems, which may contain some of their own business information assets
  • Running regular penetration testing is now, for many organisations, a regulatory, governance or audit requirement
  • To ensure the integrity and autonomy of the tests, an external security expert companies, such as Marathon, needs to be engaged to conduct the tests on behalf of the organisations.
  • Marathon use CREST (Council of Registered Ethical Security Testers) consultants to conduct all of our penetration testing and reporting engagements

Optional Extras

  • Vulnerability Scanning
  • Internal DMZ Attack Testing