IT audit

IT security audit for companies and institutions

The IT security audit carried out by Exanet from Poznań is a set of activities taking into account the review and assessment of security policies of the IT system in a company. IT audit is performed in order to detect potential threats, vulnerabilities to attacks that can block the operation of a company and attempts to steal or destroy data.

The main goal of the audit is to obtain a full picture of the security level of the company’s IT system, which may constitute the basis for taking actions related to the reconstruction of security policies and the IT infrastructure.

Modernization of IT environment

A systematic approach to the issue of building and designing safe computer networks and server systems is extremely important. An IT security audit along with an audit of IT infrastructure is an indispensable element in the process of constructing or modernizing IT environments. In these areas, Exanet follows proven and best practices in line with SAFE policies developed by companies such as: CISCO, IBM, Microsoft.

Benefits of conducting an IT audit

An IT security audit and the appropriate security policies developed as a result of the IT audit can bring many benefits for the company. First of all, a higher level of satisfaction of employees, customers and business partners is generated due to the uninterrupted availability of IT services. Secondly, business continuity is ensured, even in the case of company’s IT resources being under attack, loss of important documents, orders, damage to databases and equipment is prevented.

An IT security audit allows the company to avoid unnecessary direct costs (time and resources necessary to clean infected systems) and hidden costs (lost customers, lost business opportunities, deterioration of reputation) related to breaching IT security.

Improving security thanks to an IT audit

During the IT audit, we detect malicious software that qualifies for immediate removal from the IT systems (malware, ransomware, botnet, trojan, viruses, etc.). A similar situation applies to active LAN devices and servers. Often, many network devices and servers are not up to date in terms of the software versions or firmware. It is also worth mentioning that important hardware without service contracts can become a weak link in the IT infrastructure in case of a malfunction.

Thanks to the IT audit, we get the knowledge of the necessary steps to improve the IT infrastructure and protect the company’s IT resources against unwanted access to data and against attacks that may affect the company’s operation, as well as what risk of failure or the occurrence of the above-mentioned problems can be caused by IT infrastructure in the current hardware configuration.

IT audit of the computer network

A thorough look at the computer network

Only thanks to a thorough look at the company’s computer network, we can get the opportunity to detect weak points in the IT infrastructure that may cause unexpected problems leading to a decrease in performance or a stoppage of the company’s operation.

Our services related to the audit of computer network

•  Preparation of complete network documentation in the form of a connection diagram.
•  Inventory of active devices.
•  Structured cabling measurement for compliance with the standard in which they operate.
•  Preparation of a list of services operating in the network.
•  Assessment of the configuration of individual devices in terms of security, efficiency and business continuity (routers, firewalls, switches, access points, etc.).
•  Testing the validity of software for network devices.
•  Identification of potential points of failure or reduction in network performance. Identification of external threats.
•  Assessment of the security mechanisms in use.
•  Scanning TCP / UDP ports from outside using NMAP tools. Identification of open ports and services made available to the outside.
•  Wireless network identification. Wireless network security research. Determining the method of user authentication in the wireless network.
•  Analysis of the configuration of existing VPN connections.
•  Evaluation of procedures adopted in the enterprise related to the computer network.
•  Assessment of power supply, cooling and extinguishing systems of the server room.
•  Checking the legality of installed systems.
•  Preparation of recommendations regarding network security and optimization.

Exanet’s activities during the audit of server systems

The audit of server systems includes the analysis and verification of the server infrastructure in the areas related to the physical, logical and service part of the systems. After the analysis is done, a map of the company’s infrastructure and services will be made. As part of the audit, issues related to the physical and logical security of the infrastructure and the compliance of the configuration of services used in the company with the current trends and good practices are also verified. Exanet engineers locate areas that require improvement and indicate solutions that should be applied to improve the operation of IT infrastructure.

•  We scan servers and randomly selected workstations with anti-virus and anti-malware programs.
•  We identify accounts with administrative privileges.
•  We identify accounts that have remote login privileges.
•  We identify installed software and launched services in terms of popular software enabling remote access to the work unit, as well as for monitoring user activity.
•  We analyze the status of installed patches and updates (compared to MS Update).
•  We analyze backup procedures (backup encryption).
•  We analyze security and access to the mail server, WWW, FTP.
•  We analyze the procedure of granting access rights to disk resources and files.
•  We analyze the procedure for granting, storing and changing passwords to the IT infrastructure.
•  We analyze the procedure for deregistering an employee from IT systems in the event of leaving / dismissal.
•  We analyze the backup system.
•  We analyze the configuration of the hypervisor.
•  We analyze the configuration of server operating systems.
•  We carry out security analysis and physical access procedures to the server room.

IT audit report

The audit of the IT infrastructure is completed with a report containing the above elements as well as conclusions and proposals for changes of the IT environment. Audit results are additionally discussed with clients.

Our offer also includes