Our vulnerability assessments looks at your desktops, servers, routers and firewalls and provides you with a snapshot of security issues that require addressing. The vulnerability assessments is a vital part of a risk management program and provides valuable data for risk analysis activities.
It is important to remember that all network environments differ in layout, scope and complexity. Our assessments COULD include any or all of the following steps:
Network Vulnerability Assessments:
- Assess to understand the risk and threat exposure level from malicious/unauthorized users
- May be performed on internal or external networks
- Discover the extent of network exposure to Internet attackers, or malicious insiders
- Enumerate and exploit vulnerable network services, applications, devices, and operating systems
- Perform vulnerability analysis and threat exercise to determine possible extent of damage or ease of access
- Document vulnerabilities, remediation, and root causes of insecurity
Host and Device Security Services:
With our expertise and hands-on experience, The Saturn Partners can improve the security of:
- Operating systems
- Mainframes (OS/390) and AS/400
Storage Security Assessments:
Security doesn’t end with testing of traffic and codes. Safety of your stored information assets is paramount. We can perform the following for you in this important area:
Security Analysis of SAN/NAS Architecture:
- Authentication (CHAP, DH-CHAP, None)
- Authorization (WWN, iQNs, UID/GIDs, SIDs)
- Encryption (Decru/Neoscale vs. Software encryption)
- Denial of Service (Data destruction and unavailability)
Security testing of SAN/NAS Networks:
- iSCSI SAN (CHAP Attacks, iQN Spoofing, SNS Man-in-the-Middle, Domain/iGroup Hopping)
- NAS (Authentication Attacks, Authorization Bypass, Export/Share enumeration)
- Fibre Channel SANs (WWN Spoofing, Zone Hopping, DH-CHAP Attacks, LUN Mask Subversion)
External Vulnerability Assessments
An external assessment consists of examining the customer’s web presence from across the Internet. Web applications and services are reviewed for vulnerabilities. Below are some of the various assessments options:
- Review external firewall rule sets and router configurations
- Obtain DNS zone information
- Map external network devices and servers
- Identify open ports and associated services on external network
- Identify Operating System and server vulnerabilities
- Review patch levels on external network devices and servers devices and servers
- Review remote management process and procedures
- Analyze web application for vulnerabilities associated with e-commerce, shopping cart and business
- Security review of network topology and server placement in DMZ, and Extranets
Internal Vulnerability Assessments
An internal assessment consists of examining the customer internal architecture from an on site inspection. Below are some of the various assessments options:
- Review firewall rule sets and router configurations
- Identify open ports and associated services on network devices, servers and desktops
- Identify Operating System and Server vulnerabilities
- Review patch levels on internal network devices, servers and desktops
- Scan for Trojans within the internal environment
- Examine anti-virus implementation and procedures
- Review remote management process and procedures
- Security review of network topology and server placement in DMZ, Intranet and Extranets
- Review file sharing information and access (e.g., NFS and SMB/CIFS shares)
Combined External and Internal Vulnerability Assessments
Clearly the most value added is a combined assessments where both the examination of the customer?s web presence from the Internet and an on site inspection give the customer a full perspective of their current security posture from the inside and out.
The combined assessments can be performed at one time or broken down into phases based on the size of the organization and preference. As an added benefit, attractive 1 and 2 year contract arrangements can be set up to review specific areas during the course of a year providing a cost-effective approach.
Furthermore, Vulnerability Assessments can be combined with Penetration Testing, Wireless Security Audits, and / or Web Application Assessments.
Each assessment will consist of a comprehensive two-part report.
Part one is intended for senior management and includes an executive summary of the assessments and outlines the risks and solutions in plain English.
Part two is intended for IT staff and contains the details of technical misconfigurations and vulnerabilities. In addition, the pert two makes recommendations how to repair / fix the misconfigurations and vulnerabilities.
Regulatory Compliance Assistance
The Saturn Partners, Inc. has extensive experience helping clients from the financial services, health care, utilities, chemicals and legal services industries.
In addition to our IT Vulnerability Assessments, Network Security Policy and Disaster Recovery Planning and Auditing, we now offer specialized Risk Assessments services, either as a standalone service or part of our Environmental Auditing process.
Our state of the art, in-depth and highly detailed Risk Assessments service performs highly specialized analysis of risk levels in your IT environment.
Using the latest information gathering methods combined with the use of software targeted at your industry compliance specifications, we can provide detailed and easy to use assessments information to give you a critical blueprint for valuation and the setting of proper risk levels to your precious IT assets.
Here is a partial list of compliance audits your organization, depending on your industry, may face or will be facing down the road. We are already familiar with these requirements issued by various government bodies and our risk assessments is a valuable tool to help you prepare:
- Gramm Leach Bliley Act
- ACC Responsible Care Act
- ISO 141001
- Sarbanes-Oxley (SOX)
- NERC (North American Reliability Council) for Electrical Utilities
- ISO 27001
- NIST 800
- HSPD-12 Standards bodies.
However, even if your industry isn’t required to adhere to a specific government-regulated set of requirements for securing IT assets, our Risk Assessments service is a can’t miss tool to help you increase overall security parameters in your IT environment.
Call us or email us today for more information.
Risk Assessments… another valuable tool in your overall sound security program!
Among the many threats to the client that SPI is trained to spot, analyze and build a defense against, are these:
- Devices Compromised: Anything related to botnet and malicious communications;
- Cloud Application Usage: Such as Dropbox, communicating sensitive data;
- The Virtual System: vulnerabilities such as VMware ESX and Amazon EC2
- IOS, Bring Your Own Device (BYOD) and Android: real time detection with device vulnerabilities captured and integrated data from mobile devices.