Network Security Review

We are a $165M, SEG based credit union in Texas.  Digital Defense Inc. audits our network using three approaches:  (1) direct detection, (2) system fingerprinting, and (3) a variety of other pass/fail criteria specific to each test.  For our viewing purposes the audit data is consolidated, summarized and presented after each assessment.
This provides system administrators a reliable foundation for investigating and fixing vulnerabilities to assure digital assets are safe. 

The report is broken into 3 sections: 

Section 1:  The Executive Summary

              The Executive Summary targets the executive who needs to quickly ascertain the security posture of the networks.  This section summarizes the results of scanning and/or penetration testing.  It presents a security posture description and graphical representations of network vulnerabilities and host ratings – all in an easy-to-read, one-page synopsis.                     

Section 2:  Network Health Overview

              Network Health Overview provides two tables:  Network Vulnerabilities Risk at a Glance and Network Host Ratings at a Glance.  Each provides an expansion of the graphical data shown in the Executive Summary.  Use this section to help make strategic decisions about network security improvements. 

Section 3:  Network Vulnerability Detail

               Network Vulnerability Details provides in depth information about detected vulnerabilities and each host that was scanned.  This section targets the IT professional that manages network devices.  Use this section to get detailed information on a network device, the vulnerabilities it has and what should be done to correct them.

The system we selected, it should be noted, was not True IP, but a PBX-IP hybrid.  According to research we had done, True IP was twice the cost of the hybrid, and only allowed us to better control the intricate inner-workings of the system (which we knew we’d never fiddle with ourselves).  Another disadvantage we saw in True IP was that if our network went down, all our phones would also go down.  With the hybrid, at least the phones in our main branch would still be operational.  From what we had read, True IP is supposed to be the way of the future as it is much cleaner and less complicated to install, but we felt by the time our hybrid was obsolete it would have already paid for itself a couple times over.  In the coming years though, I am sure the cost of True IP will decrease as more players enter the market, thereby possibly making it the better solution.   

Some things to think about before deciding to go IP or selecting a vendor:

1) Do you need to use true IP, or is a PBX-IP hybrid sufficient for your needs? (we resisted the temptation to purchase “the best” and bought a hybrid)

 2) Is your branch layout such that you will actually save money on toll calls? (unless you purchase individual PBX-IPs for each branch, all calls are routed through your network and are charged as if they were dialed from the branch where the PBX-IP sits)

3) Have you studied your current call distribution?  (the PC based administration makes this easy to set up, but it won’t help you define what you want)

4) Do you have the current infrastructure requirements in place? (T1s, appropriate routers, etc.)