We have been performing IT security checks within the Fraunhofer-Gesellschaft since 2002 and provide consulting regarding its IT security coordination. Checks are performed for Fraunhofer institutes as well as for central services of the Fraunhofer-Gesellschaft. Our security engineering and the regular checks are continuously developed further and are based on the ISO 27000 series. The current checking catalog includes, among other things, the Internet connection concept with perimeter router and firewall, the communication services and the core network services, the network, virtualization, data storage and data backup, client security and mobile devices, and physical security.
In addition to these things, we perform network penetration tests. For this purpose, we have built a professional tool suite for scanning networks and services (read team activities). In addition to the identification of weak points, it also includes suggestions for suitable countermeasures and the hardening of systems and services. We also have project experience in the area of “WebExploits”, the use of special search engines (Shodan, PunkSpider), and checks regarding the use of SSL/TLS (incl. X.509v2 certificates).