Case: Cyber Security Audit
Location: International School
Brief: An international school engaged RP-DS to audit their cyber and IT security. The audit scope was a number of web based servers and their respective web applications.
Procedure: Initially, we audited which services on which servers were available to audit and the steps needs to be taken. We received detailed information including their network topology and network information such as the internal and external IP addresses and test accounts to access the web applications so we can check if the different groups of users are granted the correct access rights. Using a web application vulnerability scanner the infrastructure was tested for any vulnerabilities. Arrangement were made to spend a number of days on-site running security assessments and auditing the web application features. With the gathered data, we reported back our findings and recommendations to harden their network security.
Outcome: A number of servers and web applications were detected to have vulnerabilities and some potential malware was detected. Actions to immediately remediate malware were put in place.