Our vulnerability assessment services identify security vulnerabilities in networks from the perspective of the company, from the inside looking out. Security vulnerabilities include not only technical flaws in systems but also many areas that typical network security scanners and externally originated assessments (e.g., penetration tests) cannot identify.

We utilize a comprehensive, well-proven methodology to provide a complete picture of the technical security posture of the site.

Our certified, trained professionals use their experience and training to identify configuration and implementation vulnerabilities that may not be obvious to the organization. They utilize modified checklists based on industry standards (NIST, DOD, ISO, CERT, etc.) and scanning tools, together with personnel interviews and group meetings, to better identify risks and understand the business reasons behind configuration and design decisions.

A vulnerability assessment conducted by SecurityRiskSolutions also includes recommendations and suggestions for mitigation. Recommendations will help organizations improve practices and procedures without necessarily requiring the purchase of new technology solutions. As a vendor-neutral company, we do not resell any products and therefore maintain complete impartiality when developing mitigation strategies and providing recommendations.

| Vulnerability Assessment Areas | Identified Using: Network Scanners and Tools | Identified Using: Manual Checks and Other Means |
|---|---|---|
| Host scanning and review of effectiveness of patch management procedures | ✓ | ✓ |
| Firewall ruleset & configuration review | | ✓ |
| Border router ACL & configuration review | | ✓ |
| Network topology/design review (includes VLANs, defense-in-depth, remote access, etc.) | | ✓ |
| Effectiveness of internal audit processes | ✓ | ✓ |
| Account review (privileged, user, service and generic accounts) | ✓ | ✓ |
| Security policy review (and level of adherence to them) | ✓ | ✓ |