Audit Layers

External

The "external" analysis layer comprises all IT security auditing performed from the perspective of an attacker placed outside the target(s), most often in a public area. This type of auditing is the most common since it covers the IT security vulnerabilities exploitable from public zones. All the IT security auditing covering this layer simulates attackers (anonymous or authorized clients) targeting the audited systems via the Internet, via public telephony networks or other large-scale networking environments with public zones.

DMZ

The DMZ layer analysis comprises all IT security auditing performed from the perspective of an attacker placed in a DMZ area. All the IT security auditing covering this layer simulates attackers (anonymous or logged-in clients) targeting the audited systems from one or more DMZ areas, presuming that the external security measures have failed and the attacker is at the DMZ level.

Internal

The "internal" layer analysis comprises all IT security auditing performed from the perspective of an attacker placed in the internal network. The "internal" network represents all the restricted and trusted areas; for example, it can also be a remote location connected via a private link or via VPN. The most common case simulates attackers in the position of an occasional visitor or an employee. Additional profiles include service partners, business units, enterprise-scale clients, etc., targeting systems with a higher security clearance. The internal layer security auditing is usually highly customized in order to match the specific case of each client.

Supporting Layer

The "supporting" layer analysis comprises all IT security auditing that targets the systems and frameworks that form the infrastructure for more complex business services, regardless of their position. For example, such an audit can target all the routers, switches and access systems, regardless of whether they are external or internal, from both an anonymous and a user perspective; such an audit would address the networking part of the supporting layer. Similarly, audits addressing the management systems, firewalls, VPN systems or operating systems can be built.

Application Layer

The application layer auditing is one of Detack's strongest points. It represents the most complex phase of any security auditing project; it concerns the analysis of complex business applications, frameworks and application environments, covering all the related components regardless of their type or placement. The auditing of this layer is always customized depending on the type, development environment, usage and size of the target application or set of applications. The targets qualify as "application" layer test objects whenever the complexity of their functionality exceeds a certain level; for example, not only an online banking system or an SAP server can qualify as application layer targets, but also a complex VPN server.

Custom & Complex Landscape

Complex landscapes are covered by IT security audit module sets that are customized in order to include all the layers present in such environments. Example targets are large, multinational companies with complex IT environments.

© 2000-2011 Detack GmbH. All rights reserved.