Media Plexus Inc. provides best in class security services for small and medium businesses. Our Motto: Security is a process.

 Firewall and VPN Implementation:
Every network must have a firewall and remote access is becoming a norm very quickly. IT risk mitigation starts with the firewall but certainty it does not end there. Today's companies use complex Internet based services and requires combination of security technologies for save operations. Remote access, host auditing, alerting, services patching, risk assessments, are key elements. There are some affordable Linux based all in one solution we can recommend here.

 Windows Network and Active Directory Security:
Each Windows Network must control its' users access to critical files, ensure that important files are always available, backup is made and no intruder has access to the system. Solution will entail Domain Risk Assessment, Server Security Tuning, Host Intrusion Detection System, Configuration Monitoring, Auditing Server Logs.

 Workstation / Client Security:
There is more to keep workstation secure from all the adware, spyware, trojan horses and Internet worms than Antivirus. The state of the art solution employs Application Level Firewall which is capable of catching unknown malware applicaptions. Adware/Spyware must be detected and removed by resident cleaners. Workstation software must be kept current to prevent intrusions. To control software deployed on workstations, Security Gateway needs to be deployed which will act as a central console for the agents implemented on workstations. This may be the same server as Security Gateway Appliance. One of the products suitable for the task is Cisco Secure Agent.

 External Vulnerability Assessment:
Port scanning, Service scanning, Web Application Scanning and Penetration Testing. All of these techniques are known as black-box testing. It is testing from the point of view of external attacker. Only the most grave errors are usually found this way, but they are the ones which attacker are most likely to exploit. This service does not require access to client's internal network.

 Internal Vulnerability Assessment:
Includes port, service and web application scanning enhanced with system and network architectural review, auditing of web servers configurations based on risk assessment. This approach called grey-box testing provides more comprehensive results as compared to external testing. The testing usually results in providing step by step procedure on how to secure the network to IT Admins or the Remediation Team. The remediation usually includes patching, upgrading services to current versions, fine tuning of firewall and router access lists, installing application IDS to shield hard to fix applications, etc. This comprehensive service is performed on client's internal network with the help of Security Service Appliance with provides all the services and remote access to IT Sec Professionals performing the tests or gathering test results.

 Software Security:
Code Architectural Review and Risk Based Testing of the Code: This is very developer knowledge intensive - offshore?

 Unix and Linux Server Security:
Host Hardening, Log analysis, Access Controls for Linux and Unix servers.

 Mail Security:
Configuring Web Mail Access, Securing Mail Server from abuse, institute patching process. Protect mail client from hostile mail worms.

 Wireless Security:
Updating/Implementing the wireless infrastructure with state of the encryption and security protocols which recently were immensely improved.

 Incident Response and Forensics:
Assessing the extent of intrusion, recommending cleanup process, assisting in data recovery, gathering forensic evidence, performing emergency Lock Down of system or Lock Out of rogue user.

 IT Security Policies:
Assisting in creating security policy for your network which will be practical enough to be more than a wishful thinking on a piece of paper.

 Architecture Review and Infrastructure Design:
An architecture review is a high-level analysis of an organization's security infrastructure. It focuses on the integration of applications, systems and network infrastructure and how this affects overall system security. Typically, the primary focus of an architecture review is the IP-based perimeter systems and applications, which define the strength of the border around a company's internal network. This includes the firewall infrastructure, routers, exposed services, external links, virtual private networks, and remote access services. The outcome of the review is a set of suggested changes to the existing architecture. These changes can be implemented either internally or by skilled security professionals if internal resources are limited. During an infrastructure design, our security professionals take into consideration what you already have installed and what - based on your security strategy and level of risk - you would need to add. Then, using their first-hand knowledge of the best-of-breed technology available, they design a solution that fits your requirements and risk management posture. The security infrastructure identifies which particular security mechanisms and technologies best suit the requirements, and how the various components interact.

 Penetration Testing:
Companies install and configure all kinds of security technologies, such as firewalls, network- and host-based intrusion detection systems and virtual private networks. They all contribute to what looks like a complete and integrated security set-up. The objective, of course, is to safeguard applications and data against the threat of a hacker attack. But does it work? Automated scanning tools or standard testing procedures can help validate the efficiency of these security measures. But the only real test is an attempted attack by a hacker.

 Web Application Vulnerability Assessment:
Today's business applications typically have one or more Web components. Unfortunately, Web application developers often have a limited security background. Our security professionals can assess security vulnerabilities at the application level. In some cases, the security vulnerabilities will be found in the Web server and with the other back-end data sources. In other cases, the application itself can contain security vulnerabilities that can be exploited by hackers. During the web application vulnerability assessment, our team of security professionals will thoroughly test the existing security measures of your Web applications using the latest commercial and 'underground' knowledge and tools. They will immediately identify shortcomings and suggest countermeasures where possible.

 Risk Management:
An effective risk management strategy is built on three pillars: a business assessment, a risk assessment and a risk mitigation strategy. As each of these three components will differ from one organization to the other, no two companies will have the same risk management strategy.

 Business assessment:
Aimed at answering the most important question in risk management: why do you need security? It helps to identify the business stakes, the information assets and the security requirements. Also legal and regulatory requirements are evaluated at this stage. The resulting assessment is then matched against the business constraints, including resources and capabilities.

 Risk assessment:
Identifies what should be protected against which likely threats, and how much impact these would have on business survival. The result is a well-defined risk profile of your organization, allowing you to establish a meaningful set of priorities, which will help you make sound security decisions.

 Risk mitigation:
Will answer the question: how do you secure your organization in a way that is justifiable and appropriate for your business. It comprises a set of safeguards such as policies, procedures, standards and a security architecture, required to deliver the right level of security at the right place and at the right time. At the conclusion of this stage, a strong security foundation has been built.