Dooling Information Security Defenders
Specializing in Offensive & Defensive network security services
The single most effective security measure may be to know your enemy -- the tools, techniques, and motivations of attackers. DISD utilizes these same tools and techniques to help you uncover issues that attackers may exploit to compromise systems, guess or steal credentials, pilfer sensitive data, establish a persistent, stealthy presence on your network, or cause system disruptions and downtime. DISD consultants have expertise in the multiple types of security assessments
We provide independent, offensive and defensive security services to a broad range of clients.
The key to securing an organization's information assets is awareness, preparedness, and vigilance. Awareness of critical assets and information to be protected, weak points that may be targeted, and indicators of attack and compromise. Preparedness comes from implementing the appropriate tools, techniques, and processes to provide protection, monitoring, and response. Vigilance requires that these technologies and processes work well for people, to enable efficient and unrelenting defense.
Risk is inherent in every organization's use of information technology, and resources to address these risks are limited. Risks should be reduced as efficiently as possible. With that understanding, DISD focuses on providing prioritized security services in order to make the most significant reductions in information security risks.
DISD is a vendor-agnostic consultant and services provider. We strive to provide the highest quality solution for each unique situation, and will not be beholden to any software vendors or conflicting interests in doing so.
Working with a large regional utility company, DISD performed a "blind" external penetration test and dial-up connection security assessment. DISD performed realistic, unassisted target reconnaissance and enumeration activities, pausing briefly to verify the identified targets before continuing with the external testing. Concurrently utilizing dozens of leased Voice-over-IP (VoIP) provider lines, DISD enumerated and fingerprinted over 50,000 DID numbers over the course of a week, and identified weak authentication credentials for several connected systems, left unprotected by modern network security defenses.
DISD performed a wireless site survey, identifying potential rogue access points, and a wireless network and client penetration test at a hospital campus. This project uncovered insecure authentication mechanisms, weak encryption protocols, and network segmentation issues. DISD provided tailored recommendations to the client to address each of these issues, including Active Directory Group Policy guidance to deploy hardened wireless settings for several thousand client systems.
DISD assisted a major ticket sales and distribution company in their PCI compliance efforts by performing penetration tests for a wide variety of cardholder data-processing applications. These ran the gamut from legacy thick client applications, dealing with issues such as connectionless transport protocols and insecure local storage, to web applications and web services facing SQL injection, to interactive voice response (IVR) systems and kiosk interfaces affected by parameter tampering issues.
DISD performed pre-deployment penetration tests for an electronic health record (EHR) software-as-a-service (SaaS) provider during their beta testing period. This engagement included authenticated testing of multiple web applications and services, as well as the supporting infrastructure. DISD also performed post-remediation testing, and provided a letter of attestation describing the testing scope, methodologies, original results and post-remediation results, allowing the provider to demonstrate their commitment to secure development processes.
DISD developed security information management device integration modules for an international banking client, to capture credit and debit transaction data. This data was utilized to help develop and improve proactive fraud detection systems, and to provide detailed audit evidence for investigations.