Request an obligation free quote for a vulnerability assessment.
See also:
- Comprehensive Vulnerability Risk Assessment and Penetration Testing (cVRAPT)
- Internal Vulnerability Risk Assessment (iVRA)
External Vulnerability Risk Assessment & Penetration Testing specifications:
Mile2 Assessors will conduct an eVRA & Penetration Test using a methodology that conforms to Information Systems Audit Standards issued by the Information Systems Audit and Control Association. Additional sources of testing procedures include CERT/CC, the SANS (SysAdmin, Audit, Network, Security) Institute and NIST (National Institute of Standards and Technology). Our unique expertise with federal government regulations like GLBA, Sarbanes-Oxley, HIPAA and the Patriot Act helps ensure Compliance Management and Audit Readiness. Mile2 will conduct an examination of the potential vulnerabilities to the perimeter network to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorized access that could have potentially catastrophic and costly consequences.
Mile2 will conduct an examination of the potential vulnerabilities to the perimeter network under the premise of a “Zero Knowledge Attack”. This methodology includes gathering publicly available information about given IP/ranges and/or domain name(s). This includes searching public records and websites available on the Internet to discover potential security exposures. In addition, physical sites, systems and applications will be probed in order to identify potential security weaknesses and later perform penetration testing against them.
Each engagement is unique and Mile2 Assessors will dynamically introduce attack methods relative to the vulnerabilities identified. Our attacks are designed to mimic the actions and techniques of a hacker. Penetration and vulnerability assessments will include but not be limited to the following:
- E-Mail Server(s)
- Internet/DMZ Servers
- Local and Wide Area Networks
- Physical Security
- Telecommunications
- Network OS Services & Patches
- User Profiles
- Firewall & Router Configurations
- Virus Protection Software
- Review Network Security Configurations
- Covert Network scanning
- Manual service probing
- Overt network scanning
- 30,000 CGI abuse scans
- SQL Injection testing (If applicable)
- IDS Evasion and testing
- Firewall Penetration
- Brute Force access
- Email account harvesting
- Internet Information Gathering
- HTTP and HTTPS Scanning
- Custom scripting attacks
- Man-in-the-Middle attacks
- Mail messaging system auditing
- Port Scanning
- Ping Sweep & Trace Routing
- Open Source Search
- Network Vulnerability Scanning
- Social Engineering
- Denial of Service
- Application and Banner Grabbing
- Server Identification
- DNS Zone Transfers
- Network Reconnaissance
- Enumeration of Servers
- Modem Inventory
- Password Auditing
- UDP/TCP Scanning
- NetBIOS Null Sessions
The Final Report will include a grading format ranging from Severe to Low with recommendations for remediation. Recommendations generally include but are not limited to the following: sample configurations, patch and service pack recommendations, training (technical and/or security awareness), and best practice and vendor-specific recommendations. Full documentation of our work will be maintained and printouts of such work are included as part of the Final Report. Upon completion, an Exit Interview will be scheduled with the Client’s internal review committee.