episec about episec services offered pricing of services press releases contact us people: public employee pages security: methods and methodologies learning: episec custom courses site map security: methods and methodologies
 



Security: Methods and Methodologies


At Episec, we take security very seriously. We don't just find known vulnerable services and update them; rather, we attempt to ensure that if a service you run should ever become subject to a future vulnerability, your servers (and, indeed, your company) will not be at risk. To do this, we perform a number of security-related tasks:
  • Operating system hardening: Even if users do not have local accounts on your system, we secure the internal areas of the operating system. Because even if your users aren't meant to have shell access, they may find a way to achieve it. Just think of how many systems have been compromised through improperly coded CGI scripts.

  • Non-root users: If a service can run as a non-root user, we make sure it does. Even if it was intended to be run as root, we have methods of coercion, such as modifying code or (in the case of commercial programs) wrapping library calls. Every program should run as its own individual user to prevent a compromise of one service from affecting others.

  • chroot() environments: We insert programs into chroot() environments whenever possible. Most programs can be placed into restricted environments with no modification at all. Unfortunately, this is a little-practiced method among security companies. Coupled with the removal of root privileges, this can be one of the most powerful methods of securing a system.