IT Health Check
IT Health Check
Pentest People are a CHECK accredited company and can scope and perform your IT Health Check (ITHC) for access to the Public Services Network (PSN).
Web technologies have advanced in recent years and so have the Web Applications that we all use daily. With this advancement and reliance on web technologies, we have also been exposed to security risks associated with these applications.
The Public Services Network (PSN) is the government’s high-performance network, which helps public sector organisations work together, reduce duplication and share resources. Organisations, both public and private sector that require a connection to the PSN require to complete a Code of Connection (CoCo) application
It is a requirement of the CoCo application to provide a recent (within 12 months) IT Health Check report that has to be performed by a qualified organisation. Pentest People, through their CREST membership and CHECK Service Providerstatus, are able to provide ITHC services to organisations requiring connection to the PSN.
Not only does the ITHC allow access to the PSN, which is a great benefactor to your business but simply showing you’re on the network demonstrates that your organisation’s security arrangements, policies and controls are sufficiently rigorous.
Organisations connecting to the PSN have to perform an annual IT Health Check in order to sustain the connection.
External Assessment
The External Assessment part of the ITHC should include public-facing services such as email servers, web servers and other systems such as the firewalls in place to prevent unauthorised access from the public Internet into your organisation.
Any other inbound connections from the Internet such as Remote Access or Site-to-Site Virtual Private Networks (VPNs) also need to be penetration tested as part of the engagement. This assessment takes place for the infrastructure and authentication methods in place to protect the connections.
Internal Assessment
Internal testing takes the form of a Penetration Test and should include Vulnerability Scanning and a thorough Manual Analysis of your internal network.
At a minimum it should include:
- Desktop and Server build and configuration, and network management security
- Patching of Operating Systems, Applications and Firmware levels
- Configuration of Remote Access solutions including Virtual Private Networks (VPNs) and the associated authentication
- Build and Configuration Review of Laptops and other Mobile devices such as phones and tablets used for remote access
- Internal Security Gateway configuration including the Firewall connection to the PSN network.
- Wireless Network configuration
The assessment of the above look to provide assurance that your internal systems are configured in a secure manner and are being properly maintained.
How Can We Help?
Pentest People can help alleviate the risks associated with IT Security issues by performing regular internal and external assessments of your corporate infrastructure to identify the issues and to give you an ability to remediate these before an attacker would exploit.
Pentest People can provide a full engagement from scoping the assessment and carrying out both the external and internal assessments. An IT Health Check report will be presented as the deliverable of the project that can be used for your Code of Connection application for access to the Public Services Network.
The ITHC for PSN Compliance would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.