Awesome Technologies Logo

Awesome Technologies Inc, 740 Rowlee Road, Fulton, N.Y. 13069 

office (607) 562-3620
fax (315) 297-4040
toll-free (877) 411-6905

Company Service Engineering

The Awesome Technologies, Inc. – “Engineering Support Options” focus on providing onsite, task oriented support and SWAT operations for an organization. These support options help organizations to meet requirements and deadlines, while maintaining the highest level of integrity and quality.

On-site support
Awesome Technologies, Inc. (ATI) consultants comprise certified professionals whose experience and knowledge span multiple technologies and best practices. With ATI’s ongoing on-site support, organizations are able to augment their staff with consultants that can help to drive and meet requirements and cost objectives.

Task Oriented Support
Health checks
The device health-check is a service in which the ATI engineers perform a detailed analysis of devices and application’s configuration and security. The purpose of the Health-Check is to verify the stability and optimal functionality of the device and application. This review is implemented in two (2) phases:

  • Hands-On Review – This phase requires the physical analysis and review of the device/applications policies and configuration information.
  • Network Review – After identifying the policy and configuration settings, the network analysis ensures that no vulnerabilities have been opened due to these poor policy configurations.

This is an important service, since devices and/or applications that are improperly configured or patched may cause numerous network vulnerabilities and throughput issues.

The components of the review include, but are not limited to:

  • Device/application version (including service packs) and documentation of any security vulnerabilities or software bugs existing in this version.
  • Device/application operating system version (including service packs) and documentation of any security vulnerabilities or software bugs existing in this version.
  • Physical security of the device/application such as physical location, access control to the server room.
  • Device hardware review.
  • Network configuration components.
  • Operating system or application services enabled on the device/application system.
  • Device/application security policy review.
  • Review of the address translation rules and associated "arp" tables.
  • Review of device/application security logs.
  • Review of the device/application logs for errors and warnings related to possible hardware or software malfunction.
  • Review device/applications operating system process list.
  • Scan device/applications system for viruses, remote access programs and other back-door issues.
  • Review accounts set up on the device/application and the operating system.
  • Device/application software license review.

Dial-Up/Remote Access Service Testing
An assessment of the dial-in/RAS settings allows ATI to identify and exploit the analog connections and authentication methods for remote access. The objective of this type of review is to ensure that only authorized access from remote dial-up is provided to confidential information. The dial-up review is conducted in two (2) phases:

  • Identification Phase - This phase determines the telephone exchanges that a company may ‘own’ and identify modems, faxes, and other data devices on that exchange.
  • Vulnerability Exploit Phase – During this phase, the ATI engineering staff will carefully scrutinize all of the active data devices to determine the best methodology and toolset to utilize against the device.

We will review the configurations of these systems to ensure that the remote access environment is secure. Certain remote access software, if poorly configured, can provide back door access that circumvents any security controls that may exist in the network infrastructure.

Internet Penetration Testing
To test the overall adequacy of the security surrounding the Internet Point of presence infrastructure, ATI performs an external penetration test of targeted servers from the Internet.

Our external security audit methodology tests an organizations’ Internet point of presence systems for known security vulnerabilities and determines the extent to which it is vulnerable to an external attack. This type of security audit allows for a quick and efficient assessment of the security of information obtainable outside of an organization’s controlled infrastructure. It focuses on the possibility of an unauthorized user from outside of the organization to exploit known network and system vulnerabilities.

Internal Risk Assessment
ATI’s internal risk assessment service is conducted as a node on the internal network. Our testing will document the security exposure of the various systems as it pertains to the organization’s business. The primary focus of this assessment is to limit the exposure of these systems in the event an unauthorized individual is able to circumvent the security and controls of your perimeter Internet control devices (e.g. your firewall and exterior filtering router) or gain physical access to the platform.

During the course of this analysis, the ATI team will conduct a number of different functions. These include, but are not limited to:

  • Interviews with various IT individuals.
  • Network analysis of systems.
  • Physical analysis of environment and systems.

Our analysis will utilize various internally developed custom tools and analysis techniques.  These are complemented through the use of commercial security software from a variety of vendors since these tools afford us the ability to scan each host for over 2000 known vulnerabilities.

Application Level Assessment
The application level testing assessment consists of a detailed review of the application security architecture and it’s relation to the overall computing infrastructure. Our review will focus on analyzing the security layers that are implemented to manage and control the overall application environment.

The analysis will entail interviews with relevant employees, a review of existing supporting documentation and a comparison to leading practices. Our emphasis in reviewing application security is on ensuring the confidentiality, availability and integrity of content served by the application. Our review methodology includes a multi-step process for assessing application security configuration and operating system items. This phase of the review will focus on:

  • Application control analysis
  • Application design and integration of the application with the host operating system database engine,
  • Integrity of sensitive data transmitted over the network
  • User privileges and access control methods
  • Operating system configurations of the servers.

PBX Vulnerability Assessment
The PBX vulnerability assessment service offering by ATI helps to identify all poor configurations, open voice mail boxes, and dead circuits within a corporate PBX system. Most of these issues and vulnerabilities occur due to complexity of maintaining and operating a PBX system, as well as the ever changing flow of employees and department changes. These audits, can not only protect the company PBX, but also ensure that the PBX is being utilized in the most cost-effective manner.

Business Continuity Development
Most organizations would be devastated if their connections with their customers and/or partners were interrupted for any length of time. Awesome Technologies, Inc., business continuity service provides a recovery plan designed to provide immediate response and subsequent recovery from any unplanned business interruption, such as a loss of utility service, or catastrophic event such as a major fire. The development of a plan requires specific details for strategies and proposed actions necessary to rapidly and effectively recover business operations following an unplanned business interruption.

Technical Writing and Documentation
The ATI team is not only about engineering a solution, but about documenting it as well. Our staff consists of highly skilled and proficient technical writers that have published numerous technical documents, study guides, training material, and whitepapers. Utilizing their technical writing skills, our engineering staff will carefully document each step and process involved in a design, so that a complete solution can be delivered to the customer.

“SWAT” Team
The Awesome Technologies, Inc. “SWAT” Team is at your disposal when a compromised network imperils your mission-critical applications. The ATI “SWAT” Team is comprised of an elite core of architects and engineers who are focused on recovering your network and stabilizing your production application environment. After resolving the issues, the “SWAT” Team provides a post-mortem detailing what went wrong, as well as recommendations in the form of a disaster mitigation exercise to ensure future network continuity and non-repeat occurrences. A key component of most businesses, of yesterday and today, is to successfully learn from mistakes, not fall prey to them again!

***Please do not forget that a health check is normally enough to isolate issues before they become business threatening EMERGENCIES and a job for a “SWAT” Team!!!

 

Related resources

  • Gartner
  • IEEE
  • CompTia
  • Microsoft
  • Cisco Systems
  • Verizon
  • att Consulting