Services

Network Design

Whether you need a secure network built from scratch, or an existing one fortified, Digital Forest Security will provide you with a comprehensive defense-in-depth network security strategy that meets your business needs while also providing a level of security commensurate with the data you are protecting. Some of the components to a secure network design that we incorporate into all network designs include, but are not limited to:
  • Network segmentation
  • Router and switch security configuration
  • Remote access needs
  • Principle of least access
  • Security-trust model
  • Perimeter definition and design

Policy Management & Enforcement

Computer Use Policies Statistically, over 70% of all information security incidents are generated internally from unintended consequences of legitimate actions, disgruntled employees, and mistakes by system administrators and users alike. Do you have policies in place to manage these risks? Even more importantly, do your employees know about and understand these policies? One of the most important facets of a defense-in-depth information security strategy is the creation of appropriate computer use policies and the subsequent education that's required to ensure understanding and compliance. The consequences from not having appropriate use policies can be severe.  Case law has now determined that employers are liable for illegal content stored on company servers if it was put there by employees, and can face substantial civil and criminal penalties.  Furthermore, companies have little to no recourse if sexual harassment in the workplace occurs as a result of inadequate or nonexistent appropriate use policies. Additionally, companies routinely lose roughly 15% of their productivity due to inappropriate computer use where polices are either not in place, and/or employees have not been adequately trained. Digital Forest Security can provide easy-to-understand templates for computer use policies and assist businesses in quickly customizing, implementing, and providing employee training. If you don't have appropriate computer use policies defined and publicized within your company, contact Digital Forest Security today to eliminate this potentially devastating hazard to your company and employees.

Training

Digital Forest Security is uniquely qualified to provide training on all aspects of information security due to the varied experience of our members. Every class is custom-tailored to the audience, and information is presented in a professional yet fun environment that makes learning entertaining, yet effective for every person in your business.  We also understand that your time is valuable, and are prepared to conduct on-site or off-site training, as needed on a case-by-case basis. Some of the topics that we offer training on include, but are not limited to:
  1.     Computer Security for Management
  2.     Security for System Administrators
  3.     Computer Security for Employees
  4.     Incident Investigation
  5.     Internet Safety for Parents
  1. Computer Security for Management – A high-level course that deals with information security from a policy standpoint as well as security awareness and specific topics that affect executive management. Some items covered in this course:
  • Information Security defense-in-depth overview
  • OPSEC considerations for executives
  • Password security
  • Email security
  • Data classification, handling, and disposal
  • Regulatory and legal considerations
2. Security for System Administrators – Focused on a very technical level, this course provides “trial-by-fire” training for system administrators to give them the tools they need to both effectively implement business policies and defend their networks against all manners of information security threats. Heavily lab oriented to maximize understanding. Not for the faint-of-heart. Topics include:
  • Infosec defense in depth overview
  • Password security and cracking techniques
  • Windows 2000/XP system hardening techniques
  • Centralized/remote logging
  • Incident response and forensic investigation
  • Automated log monitoring, alerting, and response
  • Intrusion detection and/or prevention
  • Understanding threats against your environment (the badguy mentality)
  • Prevalent hacking techniques and defenses
  • Practical applications of Cryptography
  • Data classification, handling, and disposal
  • Firewall policy, implementation, and verification
  • Social Engineering techniques and defenses
  • Identity Management concepts and techniques
  • Trust and Security Models
  • OPSEC considerations for system administrators
  • Secure administration of remote machines in hostile environments
  • Risk management
  • Wireless network security and penetration
  • Voice over IP security considerations
3. Computer Security for Employees – Our most popular class, this covers the basic knowledge that every employee must know in order to preserve the information security posture of a company.  Topics include:
  • Acceptable use policies
  • Password security
  • Data classification, handling, and disposal
  • Social Engineering techniques and defenses
  • OPSEC consideration for employees
4. Incident Investigation – A highly technical class for incident handlers, this course provides the student with hands-on experience conducting incident investigations from start to finish. Topics include:
  • Policies and structure of response teams
  • Incident and risk assessment
  • Preserving chain of evidence
  • Forensic analysis techniques
  • Interfacing with Law Enforcement
  • Legal considerations
5. Internet Safety for Parents – This lecture is based on the highly successful book, "A Cybercop's Guide to Internet Child Safety", written by one of our own founders. The book itself can be downloaded for free from his website at www.cybercopguide.com. This is a fun and informative class for parents, teachers, or your employees. This 1 hour interactive talk takes the mystery out of today's electronic frontier and gives parents the tools they need to protect their children. Non-profit organizations may be eligible for free classes. Times and dates for free classes are based on availability and are on a first come first serve basis. Topics include:
  • Internet basics for parents
  • Tracking your child's Internet activities
  • Children as a victim
  • Protecting your child from pornography and cyber harassment
  • Guarding your personal Information

Computer Intrusion & Incidence Response

The unthinkable has happened: your web server was compromised and its contents vandalized by unknown criminals. Did they steal any data? Did they penetrate deeper into your network?  Are they still there now? Do you unplug everything, or keep going in hopes of catching the bad guys? Maybe you've found evidence that an employee was engaged in inappropriate or illegal conduct involving a company machine. What do you do next? Digital Forest Security provides 24x7 emergency incident assessment, response, and handling, as well interfacing with law enforcement. If you need assistance with any type of incident response, please contact us. We also provide Incident Investigation Training for your company. Be prepared before a critical incident occurs.  

Computer & Cell Phone Forensics

Digital Forest Security provides law-enforcement quality forensic examinations as well as certified court expert-witness testimony on a case-by-case basis.

Security Research & Development

Deep Forest Security research analysts have have extensive experience in building and prototyping new systems and electronic devices, as well as examining existing devices, and have produced several unique and intriguing devices, code, techniques, and procedures for our clients. Additionally, we perform open-source research on information security related topics and can provide you with high-quality, confidential answers to advanced questions, empowering your company to make well-informed decisions, We have created or are currently creating new products for such industries as:
  • Government
  • Law Enforcement
  • Counter-Intelligence
  • Physical Security
  • Information Security
  • Internet Service Providers
  • Legal
  • Petroleum
  • Telecommunications
  • Education
Additionally, we perform open-source research on information security related topics and can provide you with high-quality, confidential answers to advanced questions, empowering your company to make well-informed decisions. If you have a particular R&D requirement, please contact us for more information.

Information Risk and Vulnerability Management

No information security strategy is complete without providing the ability for an organization to perform vulnerability assessments and manage risk. Digital Forest has extensive experience in these critical areas, and provides services in the following areas:
  1. Asset/Data Identification and Classification
  2. Internal and External Vulnerability Testing
  3. Wireless, PBX and Voice Over IP (VOIP) Assessments
  4. Physical Information Security Assessments
  5. Operational Security (OPSEC) Assessments
  6. Risk Management Tools and Processes
  7. Foreign Business Markets
  1. Asset/Data Identification and Classification One of the most important components of modern business is the data created by critical business activities. Digital Forest specializes in assisting businesses with the identification and classification of data within their environments.
  • Does your CEO know which data he needs to treat as sensitive?
  • How do you ensure that sensitive data is not accidentally posted on your website?
  • Do you know which systems and network components are critical to your business's survival in the event of a catastrophe?
These questions, although seemingly easy to answer at first, tend to be some of the most difficult issues businesses deal with surrounding the appropriate classification and handling of assets and data. The consequences from errors can result in financial loss, public embarrassment, and even criminal charges in certain situations. 2. Internal and External Vulnerability Testing You've got your policies, procedures, standards and guidelines all in order. Your firewalls are set up, your backups are tested, your employees adequately trained, and your antivirus software now updates itself. But are you really secure? How do you know you haven't missed something? Digital Forest Security analysts have extensive experience in assessing a variety of network and system infrastructures to identify potential vulnerabilities, including but not limited to:
  • Wired networks (internally and externally
  • Wireless networks (802.11a/b/g)
  • NT4 and Active Directory Domains
  • Web-based applications
  • Linux, Solaris, HP/UX, AIX UNIX systems
  • Voice Over IP PBXs
Digital Forest Security actively works with you during the assessment to ensure uninterrupted service and provide real-time feedback as the testing progresses so that you're kept in the loop at all times. All client relationships and assessment findings are kept strictly confidential. 3. Wireless, PBX and Voice Over IP (VOIP) Assessments Wifi technology is one of the fasted growing segments in the Information Technology industry today. As easy as it is to install wifi technology is also one of the most difficult to properly secure. If you're considering installing a wifi network for your business needs, or already have one and want to understand the security issues that surround wifi, Digital Securus can provide you with the latest in security awareness and wifi network design to ensure your data stays just that: yours. The truth is, many wifi implementations today are insecure, and most companies have little or no understanding of the security issues wifi presents nor the extent to which wifi networks are being targeting by thieves, corporate saboteurs, and industrial spies. Ever checked your phone PBX system? Has someone been using your PBX to make free long distant calls? Can someone listen to you voicemails? Your phone calls? Digital Securus can perform an assessment to determine what risks you have when it comes to your phone system. Voice Over IP (VOIP) is a newer and very effective technology that can result in substantial savings for a company. However, improperly implemented, VOIP can expose your company to additional risks including eavesdropping, intrusion, and jeopardize life-safety. Digital Forest can help design robust, secure VOIP networks that reduce or eliminate many of these risks. 4. Physical Information Security Assessments Your business may not need redundant power supplies, cabling, core switches, and routers in a multi-million dollar data center, but is your file server safe from prying fingers? There's an old tenet of information security: If physical access can be gained, complete ownership is attained. Physical Information Security is often undervalued by a business, yet highly targeted by information thieves. Digital Forest Security has the experience to walk through your facilities, interview key personnel to understand your business, and provide a plain-English assessment of the physical security infrastructure along with recommendations to align it appropriately with the importance of the data that supports your business. 5. Operational Security (OPSEC) Assessments A lot can be learned by just watching a target. Bad guys do it all the time prior to committing a crime. Houses are “cased,” executives are followed, banks are watched and armored truck schedules mapped out. Bad guys note shift changes, radio traffic and garbage left in the dumpster. Conference rooms get bugged, and network sniffing devices get placed in wiring closets. This all sounds very “James Bondish,” but in truth this happens quite frequently. Is your business a target? How do you know? Given the unique experiences of the Digital Forest Security members, we are uniquely qualified to assess your business operations and not only determine if you may be a target, but also provide recommendations for improving your OPSEC stance. Contact us today to determine if your business has operational security needs. 6. Risk Management Tools and Processes A new system is being developed and implemented to give you better reporting access on your financials. A web server has just been placed on your extranet to provide clients with information. A new exploit (hack) has just been posted on the internet and a worm/virus is expected within hours. What do you do to keep your data secure while maintaining normal business operations? Can your business afford the risk each of these scenarios pose? Digital Forest Security has proven experience in assisting with the design and implementation of risk management policies and procedures, and most importantly, tools to allow you to accurately determine the level of risk something poses in your environment and the level of response required to ensure your business operations continue unabated. 7. Foreign Business Markets Does your company conduct business in foreign countries? Digital Forest Security can provide your company with guidance and information to help you assess risks unique to conducting business in foreign markets.

Security begins with your attitude, your mindset, your posture. Stay alert, be aware of your surroundings and don't rely only on technology to keep your information safe."

Unknown
Oil/Gas • Banking •  Medical • Energy • Legal Services • Government •  Law Enforcement • Construction and Design • Telecommunications • Insurance • Information Technology Service Providers