clients / case studies / businesses

Savera Billing Systems

Goal

To reduce exposure to industrial espionage.

Solution

A comprehensive security design.

Results

Introduction

Savera, a inter-carrier telecommunications billing company, felt that they were targets of potential industrial espionage for the intellectual property of their systems. Its diverse IT environment that included multiple Windows, Solaris and Linux platforms needed to be audited and secured to minimize any such possible risks.

Ephibian was called upon to carry out auditing and security improvements.

What did we do?

  • Interviewed Savera management and IT staff to obtain an overview of the current situation, assess priorities, assess concerns, and develop an asset and risk profile
  • Ephibian personnel then obtained the existing network and systems topology as well as existing security policy documents
  • Carried out a comprehensive security audit of Savera’s entire IT infrastructure including network, operating systems, and procedures
  • Employed tools to thoroughly scan for security vulnerabilities
  • Made recommendations for a network intrusion detection system
  • Provided reporting capabilities that automatically notified system and security administrators when attempted breaches were detected
  • Eliminated unnecessary network services
  • Updated server daemons

How did we do it?

  • In coordination with Savera management and staff, non-intrusive security tools were used to scan the network internally and externally for vulnerabilities using Security Administrator’s Integrated Network Tool (SAINT™), Network Mapper (Nmap), and the Nessus remote security scanner
  • We examined the firewall rule sets, VPN connection options, access controls, audit log mechanisms, monitoring systems, and notification systems then made recommendations that vastly improved the overall system security
  • We documented the system security tools and procedures
  • Implemented sophisticated security automation tools including Tripwire, Log Monitor, SWATCH, Klaxon, and others.

What was the result?

The resulting system provided a manageable, high degree of security with a clear security policy.