Professional Security Services

Motorola’s Professional Security Services are designed to enable our customers with best-in-class consultation before, during and after system acquisition. Today’s customers are dealing with more sophisticated technology, and must contend with more stringent regulatory compliance and budget constraints than ever before. Utilizing these Professional Security Services is a cost-effective way to raise customer awareness of potential vulnerabilities in technical, operational and managerial controls. By working with Motorola’s experienced and credentialed security professionals, customers will best be able to mitigate risks commonly associated with Internet Protocol (IP)-based wired and wireless communication systems. Motorola has the first-hand experience to deliver professional security assessment services for Land Mobile Radio (LMR) and the majority of Motorola’s wireless portfolio.

Information Assurance (IA) Professional Assessment Service

Understanding compliance mandatesGovernment customers and their ASTRO® 25 communication systems are subject to specific compliance requirements, such as FISMA, DIACAP, CJIS or CALEA. Navigating these mandates can be complicated and organizations may need assistance understanding these requirements and how they are applicable to Motorola systems. The Information Assurance (IA) Professional Assessment Service can be utilized to guide personnel through the configuration of compliance mandates that are applicable to their specific organization.

Identify possible gaps in mandate complianceThe goal of the IA Professional Assessment Service is to help organizations understand Motorola’s IA enhancements, when to apply them and what risks and benefits are achieved by doing so. Certified members of Motorola’s Security Services team will perform a gap analysis on customer-identified compliance mandates and determine an actionable remediation plan for closure of these gaps. After the assessment is completed, the Motorola Security Services team member will conduct a one-on-one, in-depth final report to ensure full understanding of the findings, their impact to the organization’s security and the recommendations for gap closure.

Phases of the IA Professional Assessment ServiceThere are five phases during the IA Professional Assessment Service: •AssessmentOverview-Thisphaseconsistsofcallswithkeycustomerstakeholders,discussionof potential impacts, reviewing policies and procedures and any previous audit findings. •GatherData-Thisphaseconsistsofcustomerinterviews,documentcollection,conductingsystem\ scans and examining system configurations. •ReviewData-Thisphaseconsistsofreviewingthecollecteddocumentationandanalyzingthe findings, creating recommendations and preparing the final deliverable report. •PresentReport-Thisphaseconsistsofconductinganin-personworkshopwiththecustomerto review the findings, present the analysis executive summary, review the full technical report and discuss next steps for gap resolution. •Follow-UpQ&ASession-Thisphaseconsistsofafollow-upsessiontobeconductedwithintwo weeks of the completion of the assessment. This will be a session where the Motorola Security Services team member can answer any final questions from the customer.

Benefits of the IA Professional Assessment ServiceThe IA Professional Assessment Service can benefit a Government organization in several ways: •Helpavoidpenaltiesthatcouldbeincurredfrombeingnon-compliantwithIAmandates •AdheringtoIAmandatescanhelpthesecuritypostureofthenetworkbyhavingstrongerlevelsof protection •Helpreduceoverheadassociatedwithrepairsthatresultfromsecurityincidents,andexpeditethe upgrade activities •Provideactionable,prioritizedrecommendationsforriskremediationthatarebusinessandcost justified

Penetration Testing Service Solution

Networks must be protected from malicious attacksOpen networks can attract many different types of activity, from insider attacks to malicious usage by an outside

source. Part of the foundation of an organization is the strength of their network and the protection of the sensitive information for their business ventures and their employees. Motorola is dedicated to helping protect your open network through the Penetration Testing Service Solution.

Identify security vulnerabilitiesThe goal of Penetration Testing is to demonstrate the real-world risks an IP network faces using real-world methods of breaking into that system and exploiting its security vulnerabilities. Conducted by a certified Motorola Security Services expert, the Penetration Test will illustrate proof that the exploit was successful without interfering with the system availability. For example, in a SysLog file protected by firewalls and encryption, the Motorola Security Services expert will type “Motorola was here,” but will not interfere with the system’s operations.

Conducted on-site at your organization or from a remote location, Penetration Testing can help you identify where your network may be unprotected, which could lead to the network being compromised by various attack vectors. Sometimes a mandatory requirement per multiple compliance mandates (such as NIST 800-53), a Penetration Test can help ensure your networks and systems are operated in a secure manner.

Phases of a Penetration TestThere are six phases during a Penetration Test: •Recon-Passiveinformationisgathered,suchasinternet searches, finding company IP addresses and learning as much about the company as possible.

•Scan-Aninteractivereach-outbasedontheinformationgatheredduringtheReconphase.Findout operating software, computers that are using the Internet, perform the Network Vulnerability Assessment. •Exploit-TheMotorolaSecurityServicesteammemberwilltakethenetworkvulnerability assessment information and attack the system/gain access to the system. This is a manual process of trying to “hack” the system and paralyze it by taking advantage of vulnerabilities. •Local-Onceaccessisgainedtothenetwork,theMotorolasecurityexpertwillscanasmany machines as he/she can obtain access to. •Escalate-TheMotorolaSecurityServicesteammemberwilltrytogainadministratorrightsto the customer’s IP network. Then the team member will loop through steps 2-5 to try to gain access to other machines on the system. •AnalyzeandReport-TheMotorolaSecurityServicesteammemberwillreviewthefindings/results from the Penetration Test and generate a technical report. The report will then be presented to the customer during a 1-day, in-person workshop where the Motorola Security Services team member can walk through the report, present recommendations for correcting vulnerabilities and answer basic security questions.

Benefits of a Penetration TestA Penetration Test is one of the most accurate ways to ensure that a network is optimally protected against takeovers or malicious activity. Benefits of the Penetration Testing service solution includes: •Peaceofmind:ThelessonslearnedfromacompletedPenetrationTestcanprovidethenecessary knowledge to help keep your network secure. •Reducedtotalcostofownership:APenetrationTestcanidentifysecurityvulnerabilitiesbeforethey are exploited, which can reduce total cost of ownership by preventing attacks that could be costly to repair. •Confidence:Thein-personreviewofthePenetrationTestresultswillgiveyoutheconfidenceand knowledge to implement the necessary tools for optimal network security.

Security 101 Workshop

Education is keyOperating an ASTRO 25 open network requires numerous security policies to ensure the safety of the system, and ease of use by those who depend on the communications network in times of need. All network operators must understand the need for information security and how information security affects the day-to-day operations of their network.

User awareness is the fundamental key to success of any information assurance and security program. The goal of the Security 101 Workshop is to provide end users with a fundamental knowledge base around the concepts of information security.

Taught by a certified Motorola Security Services expert, the Security 101 Workshop is a half-day, in-person workshop that educates on the fundamentals around information security best practices to help keep two-way radio and IP networks protected from malicious attackers. The workshop will provide a high level description of common threats, industry best practices and how it applies to the LMR and public safety environments. Including an overview of the security features of the ASTRO 25 system, the Security 101 Workshop will provide the necessary knowledge to increase understanding of the impact information security has on your organization, and how you can help increase the security posture of your network.

Topics covered during the courseDuring the Security 101 Workshop, the following topics will be addressed: •WhatisInformationSecurity?-Thismodulecoversthebasicsofinformationsecurity,suchastypes of malicious attacks, current trends in information security, and case study examples of information security practices. •TheVectorsofAttack-Thismodulecoversthecurrentthreatstoyoursystemandidentifiesways that attackers can enter and compromise your network. •HowCanIProtectMySystem?-ThismodulecoversSecuritybestpracticesthatcanhelpkeepyour network safe, including a review of the security features on the ASTRO 25 system.

Benefits of the Security 101 WorkshopThe Security 101 Workshop will provide many benefits to your organization, including: •Improveoperatorknowledgeandmaximizesystemperformance •Acceleratethelearningthatusersneedtofullyutilizetheircommunicationsolutions •Lowertotalcostofownershipbyutilizingsecurityfeaturesyoulearnabouttohelppreventa possible malicious attack on your network •Motorola’sstrongunderstandingofsecurityandexpertisewiththepublicsafetysectorprovides a major differentiator, with the ability to focus on public-safety related issues. Other security trainings are targeted at Information Technology professionals, not the public safety market.

Motorola, Inc. www.motorola.com/services/government

The information presented herein is to the best of our knowledge true and accurate. No warranty or guarantee expressed or implied is made regarding the capacity, performance or suitability of any product. MOTOROLAandtheStylizedMLogoareregisteredintheUSPatent&TrademarkOffice.Allotherproductorservicenamesarethepropertyoftheirrespectiveowners.©Motorola,Inc.2009

The Motorola differenceUnlike any other communications network, if voice and data networks designed for first responders and law enforcement are interfered with or compromised, human lives are put at risk. Over 2,300 customers have entrusted the support of their communications network to Motorola, including many in the public safety and Federal Government world who rely on service solutions to keep their systems performing consistently and continuously available to their users. With more than 80 years designing, manufacturing and supporting mission critical communications systems, Motorola has created a comprehensive portfolio of service offerings and choices that provide the exact level of support that fits your unique business.