Services

Information related to offered services.

The currently offered services will be expanded, depending on market demand and the direction in which the company evolves.


01

Infrastructure (network) penetration testing

Includes external and internal tests. Both services assess the current state of the client’s IT infrastructure, from a technical IT security perspective.

External infrastructure tests focus on the infrastructure which is publicly accessible (i.e. from the Internet; perspective of an attacker with Internet access). Testing is conducted over the Internet.

Internal infrastructure tests focus on the infrastructure which is accessible from within the organization (i.e. from the organization’s local network; perspective of (1) an attacker that breached the network perimeter or (2) a malicious employee). Testing is conducted on-site or, alternatively, via VPN and is, generally, focused on Windows (Active Directory) environments.

Both types of assessments consist of a combination of manual and automated tests. An emphasis is put on identifying risks of the highest severity as well as covering the whole test scope.

Projects delivered professionally so far include European clients (finance, government agencies, critical infrastructure, manufacturing).

02

Operating system hardening

Includes Windows OS hardening of client and server systems. Both services focus on reconfiguring the target OS, with the goal of preventing and mitigating well-known technical risks, in order to raise its overall security. Potential system improvements cover a broad area and are based on industry standards, professional experience and best practices.

Windows OS client hardening services focus on end-user (desktop) systems. Implemented changes depend on the target environment and client’s requirements (i.e. specific for each project).

Windows OS server hardening services focus on server systems. Compared to end-user systems, implemented changes are different and vary, depending on the server’s role, the target environment and client’s requirements (i.e. specific for each project).

Both services consist of a combination of manual and automated checks.

Projects delivered professionally so far include European clients (finance).

03

End-user education

Includes multiple courses, which cover various topics of technical IT security, relevant for end users/company employees:

general best practices
password management
two-factor authentication
data backup

To keep up with the changes that inevitably come with digitalization, (continuous) education is no longer an option, but a must. Education of end users in the area of technical IT security is often neglected by organizations, which results in numerous unmitigated risks.

End users are always a part of the technical IT security chain and are often its weakest link. Due to this fact, the initial phase of most cyber attacks is focused on end users (i.e. their lack of knowledge/awareness). When successful, such attacks typically provide an entry point into the target organization’s internal network. Most of the biggest cyber breaches followed this pattern, emphasizing the importance of addressing this issue.

All courses focus on relevant hands-on experience and include practical real-life scenario exercises and demonstrations. Every course has a learning curve and provides concrete practical benefits for its attendees.

Where possible, Lighthouse IT Security promotes the use of free and open source software.