| External Vulnerability Assessment |
This assessment evaluates your threat to a network security attack from outside the enterprise. |
| • |
Basic network (limited number of IP addresses) |
• IP addresses and registered domain name information provided by client, and Information gathering, and network reconnaissance of client's DMZ
• External network scan with various freeware and proprietary tools
• Network topology map as seen from the outside
• Detailed vulnerability assessment of ports, services, operating systems (OS), and applications
• Deliverable - report outlining our testing methodology, findings and recommendations
|
| • |
Complex or advanced networks (large numbers of servers or IP addresses) |
• Same as basic network above items
• Review of intrusion detection system (IDS) and audit logging analysis
• Modem and war-dialing review
• Deliverable - report outlining our testing methodologies, findings and recommendations |
|
| Internal Vulnerability Assessment |
This assessment service evaluates threats to a customer's internal network security, including malicious insiders or former employees. Work is typically performed on-site at client premise and may be performed in conjunction with client’s existing IT staff, or without any internal knowledge of our efforts. |
| • |
Basic Internal Network (less than 50 IP’s, dynamic or static) |
Map network: including physical inventory, active scans, ports, services and protocol analysis (with focus on unusual); and OS configuration and patch analysis.
• Remote Access assessment, as well as methods of authentication.
• Web and Application Server vulnerabilities.
• Host based IDS evaluation
• Virus scanning policies/procedures
|
| • |
Advanced Internal Network (up to 250 IP’s, dynamic or static) |
• Same as above
• Costs will vary based on size and complexity of the customer's network. Client specific pricing will be provided after consultation, as part of the Statement of Work.
|
