AnswerZ is an active participant in the DSD / Australian Standards sponsored I-RAP process and can provide accredited consulting services.

AnswerZ also provides IT security related services for a number of clients, including Government and private organisations.

Department of Employment and Workplace Relations and Department of Education, Science and Training

These two organisations have a co-located Internet presence and AnswerZ provides five IT security consultants to assist in all aspects of the operation of this facility. AnswerZ was instrumental in the agency achieving its initial accreditation from DSD. The site was commended for its industry leading techniques and for surpassing accreditation requirements in several areas (especially log analysis). The site was also recently reviewed by, and received favourable comment from, the Australian National Audit Office as part of a multi-agency review of Internet security in Government Agencies.

Department of Defence

AnswerZ supplies several consultants to this organisation to assist it with IT security related issues: usually on a project basis.

Tenix Group

AnswerZ remotely manages the Internet facilities for this Australia-wide organisation. The major Internet connection is located in Melbourne in a third-party data centre. The contract for this service was recently renewed and the client has subsequently appointed AnswerZ to extend its services to encompass management of the LAN/WAN environment.

Centrelink

AnswerZ provides high-level security related advice to Centrelink, assisted the agency to achieve re-accreditation with DSD.

As part of the re-accreditation activity, AnswerZ has also developed and commissioned intrusion detection facilities within Centrelink including the deployment of an intrusion detection, monitoring appliance.

Penetration Testing

AnswerZ has also performed penetration testing for a number of clients and provides an on-going penetration test facility using its own suite of software, NetPI®.

Using that suite of software AnswerZ (and, as it requires, the client) undertakes regular external probing of the target to perform various assurance tests such as:

  • Service Availability

    This confirms that all the services that should be available are available to external users.

    For instance, this checks to see that all the web sites are delivering content and that DNS and SMTP services are also responding.

  • Service Leakage

    This confirms that services and information that should not be externally visible are in fact concealed.

    For instance, where devices within a firewall might support SNMP read capabilities for management purposes, no SNMP request from an external site is honoured.

  • Exploit Check

    This check confirms that no known exploits are visible. For instance, this checks that the SMTP server does not support relay capabilities and that the DNS does not support zone transfers.

  • Configuration Check

    These checks are typically service specific. For instance, that a test user with an FTP account has the intended privileges (perhaps read only) and is incapable of write or navigation operations.

  • Content Check

    For instance, for DNS and web servers NetPI will compare the content returned against its database and advise (or SMS alert) when there is a disparity.