Internal Vulnerability Risk Assessment (iVRA)

 

Request an obligation free quote for a vulnerability assessment.

See also:

  1. Comprehensive Vulnerability Risk Assessment and Penetration Testing (cVRAPT)
  2. External Vulnerability Risk Assessment & Penetration Testing (eVRAPT)

Internal Vulnerability Risk Assessment (iVRA) Specifications:

Mile2 Assessors will conduct an iVRA (Internal Vulnerability Risk Assessment) using a methodology that conforms to the Information Systems Audit Standards issued by the Information Systems Audit and Control Association. Additional sources of testing procedures include CERT/CC, the SANS (SysAdmin, Audit, Network, Security) Institute and NIST (National Institute of Standards and Technology).

Our unique expertise with federal government regulations like GLBA, Sarbanes-Oxley, HIPAA and the Patriot Act helps ensure Compliance Management and Audit Readiness. Mile2 will examine the potential vulnerabilities of the internal network to ensure security safeguards are in place to protect valuable assets and confidential information against unauthorized access that could have potentially catastrophic and costly consequences.

A typical iVRA engagement may include ANY OR ALL of the following assessment tasks:

  • Blindly determine the internal IP address schema for all internal networks
  • Enumerate all devices on the internal network
  • Scan and Document all ports and services for all network targets
  • Exploit existing vulnerabilities
  • Join security domain and perform network reconnaissance
  • Perform comprehensive Security Posture Analysis
  • Review and document the presence of Malware, Spyware and Virus activity
  • Perform employee Workspace Reconnaissance
  • Perform review of Data Network Security Policy
  • Perform review of Physical Security
  • Enumeration and Identification of The Client Wireless networks
  • Enumeration of Wireless Networks and Client Nodes in the expected area of the implemented wireless Network
  • Penetration testing of discovered networks belonging to or operated by The Client
  • Email Social Engineering attacks
  • Physical reconnaissance utilizing Social Engineering (Impersonations)
  • War Dialing for voice and data
  • Policy Review of BCP and Disaster Recovery plans

The Final Report will include a grading format ranging from Severe to Low with recommendations for remediation.

Recommendations generally include but are not limited to the following: Sample configurations, Patch and service pack recommendations, Training – Technical and/or Security Awareness, Best Practice and Vendor specific recommendations. Full documentation of our work will be maintained and printouts of such work are included as part of the Final Report. Upon completion an Exit Interview will be scheduled with the Client’s internal review committee.
