 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
|||||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
 |
 |
 |
 |
 |
 |
 |
 |
|
||||||||
 | 2/4/2012 9:55:39 PM |
 Internet Based Description: An External Security Vulnerability Assessment (ESVA) is an External scan and penetration test of a network node(s) from a public source (Internet). This test simulates the techniques hackers would use to enter your network from the outside world. An ESVA utilizes a number of tests to probe each IP address for known services and then scopes these services for known flaws and common misconfigurations. Our ESVA looks at both UDP & TCP services on IP nodes. It also tests for common Denial of Service techniques, password flaws as well as confusion attacks that can halt your services by simulating scenarios that confuse information management protocols such as SNMP. We also attempt to "piggy back" into your servers using such transports as Directory Traversal and CGI security flaws. Currently our ESVA utilizes over 1000+ security checks, takes nothing for granted, and is constantly updated as new attack patterns are identified. What is tested: The test can be directed to firewalls but more commonly toward network nodes protected by firewalls. A firewall allows only approved traffic to pass through it to internal nodes. A common misconception is that this protects your internal nodes completely. Indeed only allowing approved traffic to pass through limits your security liability, but there are many attacks that can use these open traffic paths to penetrate and attack a network. An ESVA will tell you what. if and how the allowed traffic is a security risk. How it works: You supply us with the IP addresses of the nodes you would like scanned. These should be available via your firewall and not "Internal" only nodes. If you would like your firewall tested* we will need to know your firewall brand and revision level. We will then undertake the ESVA at some point unknown to you during a 7 day (or more for larger scans) window you allow to us. This could take place at any time of the day or night and without warning. The information will then be analyzed and invetigated and a report with recommendations drawn up for you. * Testing a firewall is recommended although it should be noted that the results are potentially limited because a firewall by default has very restricted publicly available resources. However, the firewall is critical in your defense scheme, in that a crack in this critical device could expose your entire network. An ESVA will analyze common problems such as default passwords and known revision issues. A copy of the Firewall configuration will be required to complete the analysis. Telephone Based Description: A customer-supplied list of Telephone numbers is "War-Dialed" to audit modem services available to an external user. Each number is dialed in turn to see if a computer picks up the line and tries to negotiate. Each success connect is noted and later redialed and an attempt made to scope out the response received. Once again, no attempt is made to penetrate any systems found. Service type and possible flaws are located and the possible security hole simply reported. What is Tested: Whole blocks of numbers can be tested to see which pick up. Some customers like to focus in on Phone Systems and Telephone Banking Systems where the options within the initial numbers are investigated. Business hours and After hours scans are also common. How it Works: You supply us with a list of phone numbers to call and any requests for specific times to call. Voice Response Systems & Telephone Banking Systems are queried to find hidden or administrative options not listed and the passwords for these are probed for security issues. » Call today for more details: 478-738-9849 or Toll Free 1-800-872-5203 | |||
|
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
|||||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
 |
 |
 |
 |
 |
 |
 |
 |
|
||||||||