Designing and building a new network, subnet or remote access solution is by no means a straightforward or cheap process. It can take months of proposed network topology reviews, various revisions of kit lists to ensure each box is capable of sufficient throughput or running enough ports to future proof the design, presentations to key stake and budgets holders at a senior level to get the project signed off, the allocation of hundreds of man hours to implement the new design and a project management team in place to cope with the inevitable delays and problems that always arise to ensure the go live date and the budget are met.
Why then, with all of this work happening in the build up to the go live date, would a project team schedule the first penetration test for two weeks before this date? What happens if the penetration test uncovers several flaws that push the whole project back? Flaws that could have been spotted much sooner in the process and consequently rectified at much less cost to the overall project.
Yes, a penetration test at this stage is always advisable in order to sign off on the final network, but the first stage of the risk mitigation and management process should be when the network is still on paper.
You may feel that the network has been designed so efficiently and diligently that any extra expense would not be justified. But what if the team are too close to the project and blinkered to an issue on the periphery of their vision? What if the team charged with designing the network have an understanding of security but it is not their bread and butter, day-in, day-out?
A few extra days at this stage may not find anything considered to be show-stopping, in which case the project can proceed with added confidence but what if that review highlights just one serious issue or oversight? Could that prevent the entire project being set back by weeks once all of the hardware is installed? Would those days be wasted or worth their weight in gold?
If you are planning a major network upgrade, design or redesign then contact NTA to discuss a design review and build security and confidence into the designs from day one.
I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.
Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.
We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...
I have found NTA to be an approachable knowledgeable partner, and have no hesitation in recommending their services.
The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.
On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...
NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.