Evaluation of network security from an internal perspective. We perform a vulnerability assessment of client systems and networks, finding ways of minimizing security risks within the network. This is especially important because many security breaches actually occur from within the network.
An evaluation of network security from an external perspective. We perform a vulnerability assessment of client systems and networks , especially firewalls, switches and routers, which are the Customer’s main line of defense from the outside world. This assessment includes activities performed from two different perspectives;
Having no prior knowledge of the client’s networkThe scans and analysis are performed from two venues, first from the internet to determine vulnerability from outside the State network and second from the State network backbone to determine vulnerability from other departmental networks.
Having some prior knowledge of the client’s network
Quick Hit Assessment
This is a technical evaluation of a single server or device.
Modem Sweep Only
A dial-up assessment. We scan the client’s telephone system to detect the presence of authorized modems. Incorrectly configured modems and unauthorized modems can seriously undermine the network security since they can bypass a client’s main lines of defense; firewalls, switches, routers, and authentication processes.
Password Assessment Only
An evaluation of the strength of passwords and use of default passwords. We can quickly review passwords in the systems selected to verify strong password use or discover weak password use by using of several ‘password cracking tools’. These files remain confidential and in the possession of the client. Weak and default password use should be discouraged since they can quickly provide access to critical systems.
Physical Assessment of IT Assets Only
A security evaluation to check on the measures implemented to physically protect critical systems and access to network components.
Security Culture Assessment
An informal evaluation to gauge the level of employee security practices performed in the client department. Examples of this include checking for workstations left on and unattended, displaying passwords, and allowing unauthorized system access.
Physical Vulnerability Assessment
These assessments determine how
secure locations are from an overall physical security perspective
of the facility. This includes an evaluation of the client’s
security culture, on-site property penetration, and on-site computer
accessibility. Reports include applicable recommendations to improve
or enhance physical security.