Our thorough vulnerability assessment looks at your desktops, servers, routers and firewalls.
This provides you with a snapshot of security issues that require addressing.
The vulnerability assessment is a vital part of a risk management program and
provides valuable data for risk analysis activities.


External Vulnerability Assessments

An external assessment consists of examining the customer’s web presence
from across the Internet. Web applications and services are reviewed for vulnerabilities.
Below are some of the various assessment options:

Review external firewall rulesets and router configurations
Obtain DNS zone information
Map external network devices and servers
Identify open ports and associated services on external network devices and servers
Identify operating system and server vulnerabilities
Review patch levels on external network devices and servers
Review remote management process and procedures
Analyze web applications for vulnerabilities associated with e-commerce,
shopping cart and business transactions, online banking, and 3rd party access
Security review of network topology and server placement in DMZ and Extranets


Internal Vulnerability Assessments

An internal assessment consists of examining the customer's internal architecture through
an on-site inspection. Below are some of the various assessment options:

Review firewall rule sets and router configurations
Identify open ports and associated services on network devices, servers and desktops
Identify operating system and server vulnerabilities
Review patch levels on internal network devices, servers and desktops
Scan for Trojans, backdoors and viruses within the internal environment
Examine anti-virus implementation and procedures
Review remote management process and procedures
Security review of network topology and server placement in DMZ, Intranet and Extranets
Review file sharing information and access (e.g., NFS and SMB/CIFS shares)



Combined External and Internal Vulnerability Assessments

The greatest value comes from a combined assessment, where both the examination of
the customer’s web presence from the Internet and an on-site inspection give
the customer a full perspective of their current security posture from the inside and out.

The combined assessment can be performed at one time or broken down into phases
based on the size of the organization and preference. As an added benefit, attractive 1- and 2-year contract arrangements can be set up to review specific areas during the course of a year, providing a cost-effective approach.

Furthermore, Vulnerability Assessments can be combined with Penetration Testing,
Wireless Security Audits, and / or Web Application Assessments.


Deliverables


Each assessment will consist of a comprehensive two-part report.

Part one is intended for senior management and includes an executive summary of the assessment and outlines the risks and solutions in plain English.

Part two is intended for IT staff and contains the details of technical misconfigurations
and vulnerabilities. In addition, part two makes recommendations on how to repair the misconfigurations and vulnerabilities.
