• Contact
• Company
• Insights
• Services

  Strategic Advisory
  Risk Assessment & Management
  Security Policy & Framework Development
  Regulatory Compliance
  Third Party Vendor Risk Management
  Security Audit Readiness
  Incident Response
  Presentations & Speaking Engagements

  Technical Assessment
  Penetration Testing & Vulnerability Assessments
  External Attack Surface Assessment
  Internal Vulnerability Assessment
  Wireless Network Security Assessments
  Open Source Intelligence Engagements
  Application-Specific Testing
  Social Engineering Susceptibility
  Reporting

  Training
  Information Security Awareness
  Secure Code Development
  Customized Security Training

Control Validation

Prove it or Lose it Pop quiz: what are security controls? Are they ethereal, like policies, standards, or procedures, or are they physical things like firewalls and WAFs? The answer is all of the above. A security control is something you do or use that is intended to make you or your data more secure. That includes policies, training materials, and all other tools and solutions employed. So obviously we need controls, and we have often put in considerable effort to get them, but what about needing to prove how well the controls are performing?

Advanced SQL Server Man-in-the-Middle Attacks

Overview During an application security assessment performed for a client, we encountered an application that was relying heavily on the encryption features of the Tabular Data Stream (TDS) protocol implemented in Microsoft SQL Server to protect communications over untrusted networks. Out of curiosity, we investigated how different configuration settings on both the server and client change the security properties of this protocol. We quickly realized that their communications were insecure.

Summit Discusses the HIPAA Omnibus Final Rule with Aldrich Advisors

Interview with Kate Othus We recently had an opportunity to chat with Kate Othus, Partner and Healthcare Business Advisor at Aldrich. Kate asked us about the changes to HIPAA under the Omnibus Final Rule and how they will impact medical practices. We’ve include the transcript below. What are some of the recent changes to HIPAA that are causing heartburn for medical practices? HIPAA, as we experience it in the Privacy and Security Rules, went into effect in 2003 and 2005, respectively.

IDS/IPS Whitelisting

What is IP whitelisting? Why do you want us to whitelist you against our WAF/IPS? When we perform penetration tests and vulnerability assessments, we often ask clients to whitelist our source IP addresses. This allows us to be unfettered in our interactions and assessments of a client’s server. We request this to accomplish the following: a) To aid the client in recognizing and differentiating the network traffic we generate during a test

Copyright © 2017-2023 Summit Security Group, LLC | Terms of Use | Privacy Policy