|
|
|
Security Management:
Security Assessment
Security assessments are focused reviews on
the configuration, usage, monitoring, and capabilities of your network
infrastructure in reducing risk to your information assets. It is
technical in nature and most effective when coordinated with the
company's information security personnel. A security assessment can
consist of a
vulnerability assessment, pentration test, or security training.
A Vulnerability assessment is a process using
sophisticated tools and methodologies to anaylze deficiencies,
whether technical or physical, in either systems, processes,
environment, and even behaviors. Its purpose is not necessarily to
exploit those vulnerabilities rather to verify they exist.
We can provide assessments or implementation for any of the following:
- Web sites or applications
- Application integration
- Dial-In/Remote Access/VPN
- DMZ or Network Architecture
- Wireless Networks
- Intranet sites or applications
- End-user device security
- Firewall security
- Social Engineering
- Physical Security
- Information Security Policy
- Information Security Awareness Program
- Information Security Risk Assessment
- Incident Response Program
- Disaster Recovery Program
Network Penetration Test
The purpose of any penetration test is to
assist a company in determining what vulnerabilities may be exploited
against its data, systems, or other information assets. A
penetration test subjects a system to real-world attacks selected and
conducted by our security staff. The benefit of a penetration test is
to identify the extent to which sensitive information can be
compromised before an
actual determined attack. Only a real penetration test can simulate
what would happen if a determined hacker were to attack your
organization. A penetration test can either be internal or external,
enterprise wide or targeted. Internal penetration tests require the
knowledge of private network information.
The internal test is performed under the scenario that someone from
within the organization, knowingly or unknowingly, compromised system
or application vulnerabilities that host critical information assets.
Internal employees often have more knowledge on the weaknesses and
vulnerabilities of the company's infrastructure.
External penetration tests operate under the premise that the tester
obtain as much information about the organization and then use that
information to scan or attack systems or applications from outside the
corporate network.
An enterprise wide penetration test will attempt to reach every device
on
the network while a targeted test only attempts to access those systems
specified by the company.
|
|
|
|