USDN

EXTERNAL VULNERABILITY ASSESSMENTS

PHASELLUS PORTA. FUSCE SUSCIPIT VARIUS MI. CUM SOCIIS NATOQUE PENATIBUS MAGNIS DIS PARTURIENT MONTES NASCETUR RIDIC

ULUS MUS NULLADUI FUSCE FEUGIAT MALE

SUADA ODIO MORBI NUNC ODIO GRAVIDA AT C

PHASELLUS PORTA. FUSCE SUSCIPIT VARIUS MI. CUM SOCIIS NATOQUE PENATIBUS MAGNIS DIS PARTURIENT MONTES NASCETUR RIDIC

ULUS MUS NULLADUI FUSCE FEUGIAT MALE

SUADA ODIO MORBI NUNC ODIO GRAVIDA AT C

EXTERNAL VULNERABILITY ASSESSMENTS APPLY TO NETWORK DEVICES VISIBLE FROM OUTSIDE THE NETWORK, SUCH AS WEB SERVERS, MAIL SERVERS, ETC. THIS TESTING IS A SEMI AUTOMATED PROCESS WHICH UTILIZES BOTH PUBLICLY KNOWN VULNERABILITIES AND VULNERABILITIES DISCOVERED IN USDN’S DEFENSE LAB. SPECIAL ATTENTION IS GIVEN TO ANY INLINE DEVICES SUCH AS IDS SYSTEMS AND FIREWALLS TO ENSURE THESE CRITICAL SYSTEMS ARE CONFIGURED CORRECTLY AND OPTIMAL NETWORK PERFORMANCE IS MAINTAINED. VULNERABILITY ASSESSMENTS COMPRISE THE INITIAL STEPS OF ANY IT SECURITY AUDIT, AND REMEDIATION OF FOUND VULNERABILITIES SHOULD BE CONDUCTED PRIOR TO PERFORMING NETWORK PENETRATION TESTING.

INTERNAL VULNERABILITY ASSESSMENTS

USDN’S SECURITY ASSESSMENT INCLUDES AN INITIAL ASSESSMENT THAT IDENTIFIES SECURITY WEAKNESSES AND STRENGTHS OF THE CLIENT'S SYSTEMS AND NETWORKS AS THEY APPEAR TO INTERNAL USERS, OPERATING WITHIN THE CLIENT'S SECURITY PERIMETER. THE GOAL OF THE SECURITY ASSESSMENT IS TO DEMONSTRATE THE EXISTENCE OR ABSENCE OF VULNERABILITIES THAT COULD BE EXPLOITED BY AUTHORIZED INTERNAL USERS OR AN OUTSIDE USER THAT PENETRATES THE CLIENT’S NETWORK PERIMETER.

THE PROCESS WILL ALSO INCLUDE MIMICKING FRAUD TECHNIQUES AND ANALYZING THE EFFECTS OF SIMULATED FRAUD TYPES. INTERNAL INTRUSION TESTING WILL BE CONDUCTED AT THE CLIENT OFFICE LOCATIONS SPECIFIED PRIOR TO THE ENGAGEMENT.

THE ASSESSMENT WILL FOCUS ON:

•SERVER OPERATING SYSTEM AND APPLICATION VULNERABILITIES

•PROTOCOL AND NETWORK INFRASTRUCTURE VULNERABILITIES

•EXCESSIVE OR INAPPROPRIATE USER PRIVILEGES

•INTERNAL ACCESS CONTROLS AND PROCEDURES

•INTERNAL FIREWALLS SEPARATING SUB-NETWORKS AND THE INTERNET

•EFFECTIVENESS IN MONITORING TO IDENTIFY SECURITY EVENTS AND ANOMALIES

•ABILITY TO IDENTIFY AND CONTAIN ATTACKS AND EXPLOITS

SPECIAL ATTENTION IS PAID TO CONFIGURATION ERRORS OR APPLICATIONS THAT RESIDE IN CRITICAL NETWORK POSITIONS.

IN PERFORMING THE INTERNAL SECURITY ASSESSMENT, USDN PROFESSIONALS WILL:

•INTERVIEW KEY PERSONNEL WITHIN THE ORGANIZATION

•IDENTIFY AND ASSESS CLIENT INTERNAL SERVERS TO IDENTIFY HOSTS, SERVICES AND NETWORK CONFIGURATIONS

•IDENTIFY AND ASSESS CLIENT INTERNAL SERVERS FOR VULNERABLE PORTS AND SERVICES

•MONITOR NETWORK TRAFFIC FOR USER SENSITIVE DATA (E.G., USER PASSWORDS)

•ATTEMPT INTRUSION OF INTERNAL SYSTEMS

•DETERMINE AND VERIFY ENCRYPTION LEVELS

•ATTEMPT THE SUBVERSION OF ACCESS CONTROLS

•VERIFY VPN CONFIGURATIONS AND OUTSIDE TUNNEL ENCRYPTION STRENGTHS

•VERIFY THE EFFECTIVENESS OF ANTIVIRUS, MALWARE AND TROJAN TOOLS

•TEST THE EFFECTIVENESS OF LOGGING SYSTEMS

•IDENTIFY THE PRESENCE OF BACKDOOR OR ALTERNATE CHANNELS INTO THE NETWORK

PHASELLUS PORTA. FUSCE SUSCIPIT VARIUS MI. CUM SOCIIS NATOQUE PENATIBUS MAGNIS DIS PARTURIENT MONTES NASCETUR RIDIC

ULUS MUS NULLADUI FUSCE FEUGIAT MALE

SUADA ODIO MORBI NUNC ODIO GRAVIDA AT CURSUS NEC LUCTUS A LOREM.