Good security requires a methodical process and ongoing vigilance.  Montebello Partners can improve your security by providing security auditing, policy recommendations, technical architecture, training, and implementation.  We approach a security engagement in three broad steps:

First, a security plan must be established which identifies your goals.  

  • What types of attacks do we anticipate?  We consider theft of data, corruption of data, unauthorized editing of data, denial of service, theft of service, and repudiation (where a user denies having made a transaction).
  • Then, for each type of attack: who might attempt it, what do they stand to gain from it, and what are the possible consequences to your business?  
  • Then we clarify our objectives in thwarting these attacks.  Do we need to prevent them entirely, to alert an administrator when they occur, or simply to keep an audit trail so that unauthorized alterations can be detected and reversed?
  • Next we categorize data and services and assign each a class of protection we wish to provide for it.

Second, once security goals and objectives are established, we evaluate current systems, design improvements, and implement our changes:

  • Our security audit examines an existing installation or design for vulnerabilities.  This can use external network probing tools, internal server security auditing tools, a review of network architecture, and a review of server, firewall, and database security policies.
  • Security design improvements include the user, network, server, and database policies we recommend.  Who should be allowed to do what?  If a particular component is breached either externally (through a network attack) or internally (e.g. by running a Trojan or a packet sniffer), what other components become vulnerable?
  • Our software development professionals can audit source code, verify or develop secure routines, analyze architectural vulnerabilities, train in-house development staff, and help assure the security of your released software.
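The second question above ("if this component is breached, what else becomes vulnerable?") can be answered mechanically once the trust relationships between components are written down.  The following is an added illustration, not Montebello Partners' tooling: it models each stored credential or open network path as a directed edge, then walks the graph to list everything an attacker could reach from a given foothold.  The component names and credentials are constructed for the example.

```python
"""Blast-radius analysis over a trust graph (added example, not client code).

Each edge (src, dst, how) means: a compromise of `src` yields access to
`dst` by means of `how` (a stored credential, an open port, a cached key).
Segmenting the network or removing/rotating a credential deletes an edge;
the design review is looking for the edges that most widen the blast radius.
"""
from collections import deque

# Constructed example topology: a web tier, an app tier, a database,
# a message queue, an admin workstation and a backup host.
TRUST_EDGES = [
    ("internet",    "web",   "tcp/443 open to the world"),
    ("web",         "app",   "app API token stored in web config"),
    ("app",         "db",    "db password in app config"),
    ("app",         "queue", "shared queue credential"),
    ("workstation", "web",   "admin SSH key"),
    ("workstation", "db",    "DBA credential cached on workstation"),
    ("backup",      "db",    "read-only replica credential"),
]


def blast_radius(edges, breached):
    """Return {component: path} for every component reachable from `breached`
    by following trust edges.  Breadth-first search, so each path is the
    shortest (fewest hops) attacker route to that component."""
    adjacency = {}
    for src, dst, how in edges:
        adjacency.setdefault(src, []).append((dst, how))

    reached = {breached: []}
    queue = deque([breached])
    while queue:
        cur = queue.popleft()
        for dst, how in adjacency.get(cur, []):
            if dst not in reached:
                reached[dst] = reached[cur] + [f"{cur} -> {dst} ({how})"]
                queue.append(dst)
    del reached[breached]          # the foothold itself is not "exposed"
    return reached


def rank_by_exposure(edges):
    """Rank every component by how many others its compromise exposes.
    Returns a list of (count, component), most dangerous foothold first."""
    nodes = {n for src, dst, _ in edges for n in (src, dst)}
    return sorted(((len(blast_radius(edges, n)), n) for n in nodes), reverse=True)


def exposure_if_cut(edges, src, dst, breached):
    """What remains exposed from `breached` if the src->dst trust edge is
    removed (e.g. by rotating that credential or closing that port)?"""
    remaining = [e for e in edges if not (e[0] == src and e[1] == dst)]
    return blast_radius(remaining, breached)


if __name__ == "__main__":
    for count, name in rank_by_exposure(TRUST_EDGES):
        print(f"{name:12s} exposes {count} other component(s)")
    print()
    for component, path in blast_radius(TRUST_EDGES, "web").items():
        print(f"web breach reaches {component}: " + " ; ".join(path))
```

Running it shows that a breach of the web tier reaches the database in two hops via the stored API token and the database password, and that the admin workstation is as dangerous a foothold as the public internet.  Cutting the workstation's cached DBA credential alone does not help much, because the workstation still reaches the database through the web and app tiers; that is the kind of finding a design review should surface before recommending where to segment.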

Third, we establish ongoing monitoring and response to security threats.  This includes:

  • Network and server monitoring tools to detect significant attacks, and periodic service or transaction audits to detect suspicious activity.
  • A response strategy, which can include administrator notification, automatic lock-down steps for particularly threatening attacks, and manual lock-down or lock-outs on a case-by-case basis.
  • Ongoing monitoring of security bulletins to stay aware of newly disclosed vulnerabilities in the software you run, and prompt patching of significant holes.

In sum, an understanding of business threats and risks should inform a cost-effective security solution.  Once security policies are determined and implemented, ongoing monitoring is essential since both casual and professional attackers are constantly evolving their techniques.
