DIR Security Services
Security Services Brochure
DIR Security Services
Through precisely executed and targeted assessments, DIR security analysts will identify your organization’s information system vulnerabilities – before a malicious attacker does. DIR has identified thousands of security vulnerabilities across state and local government information networks, exposing an average of 36 high-level vulnerabilities per engagement.
DIR provides a number of Information Security services specifically targeted to Texas State agencies, local governments, and educational entities. In addition to providing general policy templates, maintaining an emergency alert system, and providing white papers and guidelines on information security issues, DIR offers 5 core security services designed to identify and assess IT-related vulnerabilities.
Network Security Testing
House Bill 3112 of the 79th Texas Legislature enacted Chapter 2059 as an amendment to Texas Government Code. Section 2059.056 of the code states that DIR has responsibility for network security related to external threats to the agencies. Network security management regarding internal threats remains the responsibility of the state agency.
In accordance with the code, DIR has established a secure Network and Security Operations Center utilizing a shared security architecture. DIR contracted with AT&T to provide this network security monitoring service for Agency external networks.
War Dialing
War Dialing is a test designed to target devices and equipment connected to telephone lines. DIR Analysts utilize commercial software and custom scripts, to perform a comprehensive sweep of all devices and equipment attached to a customer's telephone lines. Where applicable, Analysts use remote desktop dialup software such as pcAnywhere, Carbon Copy, or terminal emulation software to attempt connecting to and penetrating attached equipment. Upon conclusion, DIR will provide a custom report detailing vulnerabilities found, with recommendations on how to remediate and/or mitigate the vulnerabilities. In addition, DIR will provide the comprehensive scan results from the commercial tool.
Wireless Networking
DIR offers three variations of wireless testing depending on the needs of the customer. In each case, DIR uses commercially available software, freeware, shareware, and custom scripts to test for the presence of wireless devices. This service includes external attempts to locate, identify, and access wireless access points the customer may be utilizing. Upon request, this service could also include internal testing to assist local staff in locating unauthorized wireless access points. At the conclusion of the engagement, DIR will present a custom report detailing the findings. Customers outside of the Austin area are responsible for DIR's travel and incidental expenses.
Denial of Service Testing
Denial of Service (DoS) is a situation where a circumstance, either intentionally or accidentally, prevents a system from functioning as intended. DoS testing is designed to assess a system for circumstances beyond its intended capacity, such as an increased work load or unexpected parameters being imposed upon it. DIR uses specific tools and techniques to test for vulnerabilities that are often associated with a DoS attack. This testing requires DIR Security Analysts to work closely with local administrators to coordinate testing. Upon concluding the tests, DIR will present a custom report detailing the results of the DoS testing.
Customized Services
Customized services, which are available dependent upon scope and availability, offer customers the ability to leverage the expertise and talents of the DIR Security Division. Customized services may include forensic aid and technical assistance, network security design and device/equipment configuration, or security policy review. DIR can also provide specialized training, targeted assessment of a given host or device, testing of Internet-accessible applications, or custom social engineering assessments. If customized services are requested, DIR will work with the customer to develop a detailed project description and scope of work. All testing will culminate with a custom report detailing the results of the tests with any relevant recommendations to mitigate or remediate any outstanding identified vulnerabilities.
Contact Us
For more information, please contact Ana Luevano at 512-463-4251. Send comments and questions to the IT Security Division.
|
