Our vulnerability assessment looks at your desktops, servers, routers and firewalls and provides you with a snapshot of security issues that require addressing. The vulnerability assessment is a vital part of a risk management program and provides valuable data for risk analysis activities.
It is important to remember that all network environments differ in layout, scope and complexity. Our assessments COULD include any or all of the following steps:
External Vulnerability Assessments
An external assessment consists of examining the customer?s web presence from across the Internet. Web applications and services are reviewed for vulnerabilities. Below are some of the various assessment options:
- Review external firewall rule sets and router configurations
- Obtain DNS zone information
- Map external network devices and servers
- Identify open ports and associated services on external network
- Identify Operating System and server vulnerabilities
- Review patch levels on external network devices and servers devices and servers
- Review remote management process and procedures
- Analyze web application for vulnerabilities associated with e-commerce, shopping cart and business
- Security review of network topology and server placement in DMZ, and Extranets
Internal Vulnerability Assessments
An internal assessment consists of examining the customer internal architecture from an on site inspection. Below are some of the various assessment options:
- Review firewall rule sets and router configurations
- Identify open ports and associated services on network devices, servers and desktops
- Identify Operating System and Server vulnerabilities
- Review patch levels on internal network devices, servers and desktops
- Scan for Trojans within the internal environment
- Examine anti-virus implementation and procedures
- Review remote management process and procedures
- Security review of network topology and server placement in DMZ, Intranet and Extranets
- Review file sharing information and access (e.g., NFS and SMB/CIFS shares)
Combined External and Internal Vulnerability Assessments
Clearly the most value added is a combined assessment where both the examination of the customer?s web presence from the Internet and an on site inspection give the customer a full perspective of their current security posture from the inside and out.
The combined assessment can be performed at one time or broken down into phases based on the size of the organization and preference. As an added benefit, attractive 1 and 2 year contract arrangements can be set up to review specific areas during the course of a year providing a cost-effective approach.
Furthermore, Vulnerability Assessments can be combined with Penetration Testing, Wireless Security Audits, and / or Web Application Assessments.
Each assessment will consist of a comprehensive two-part report.
Part one is intended for senior management and includes an executive summary of the assessment and outlines the risks and solutions in plain English.
Part two is intended for IT staff and contains the details of technical misconfigurations and vulnerabilities. In addition, the pert two makes recommendations how to repair / fix the misconfigurations and vulnerabilities.
Announcing Our Newest Specialized Security Service. Risk Assessments targeted at your industry compliance needs
The Saturn Partners, Inc. has extensive experience helping clients from the financial services, health care, utilities, chemicals and legal services industries.
In addition to our IT Vulnerability Assessments, Network Security Policy and Disaster Recovery Planning and Auditing, we now offer specialized Risk Assessment services, either as a standalone service or part of our Environmental Auditing process.
Our state of the art, in-depth and highly detailed Risk Assessment service performs highly specialized analysis of risk levels in your IT environment.
Using the latest information gathering methods combined with the use of software targeted at your industry compliance specifications, we can provide detailed and easy to use assessment information to give you a critical blueprint for valuation and the setting of proper risk levels to your precious IT assets.
Here is a partial list of compliance audits your organization, depending on your industry, may face or will be facing down the road. We are already familiar with these requirements issued by various government bodies and our risk assessment is a valuable tool to help you prepare:
- Gramm Leach Bliley Act
- ACC Responsible Care Act
- ISO 141001
- ISO 17799
However, even if your industry isn't required to adhere to a specific government-regulated set of requirements for securing IT assets, our Risk Assessment service is a can't miss tool to help you increase overall security parameters in your IT environment.
Call us or email us today for more information.
Risk Assessments... another valuable tool in your overall sound security program!