The potential for intruders to gain unauthorised access to systems via an organisation's Internet gateway poses a very real threat, and a successful breach is often accompanied by embarrassing media attention. Whilst there are a variety of ways in which ‘black hat’ attacks from the Internet are launched to breach the defences of even a hardened firewall system, the reality is that many networks unwittingly advertise clues about themselves which can be exploited by hackers.
It is common for unnecessary network services to be enabled on the gateway, for example allowing Telnet sessions to networking devices and/or hosts, which gives an attacker a ‘foot in the door’ (Telnet also carries credentials in clear text, so any such session can be read by anyone on the path). Reconnaissance of an identified network is the first step in any hacking attempt: in order to penetrate systems, hackers gather as much information about their ‘target’ as possible in advance. This is often easier than it should be, because organisations inadvertently disclose a great deal of information about their networks to the Internet.
If a hacker cannot gain information about a network, or cannot identify a soft target, he will usually move on to another target, unless the value of the information on the network makes it worth spending the time and resources needed to break into the system. Spending that time and those resources inevitably makes the attacks and probes “louder”, giving the company a better chance of identifying the hacking attempts.
Interchange systematically investigates a customer’s network from an offsite Internet connection in much the same way as a hacker would, except that the test is non-disruptive. Interchange engineers keep up to date with the latest exploits, hacking methodologies and hacking tools which, in a controlled situation, can be used constructively to expose holes and bugs in the versions of the customer’s operating system and application software.
The External Vulnerability Scan has three options available:
Silver Service:

- The client will provide Interchange with the IP addresses that are to be assessed.
- Three IP addresses are included in the service offering.
- A commercial scanning tool will be used on the provided IP addresses.
- The resulting report will be provided to the customer. It will contain identified vulnerabilities in the:
  - Hardware
  - Operating System
  - Application

Consideration will be given to any other identified security concerns.
Gold Service:

The Gold Service offering is as Silver but with the following additions:

- Public DNS records will be examined to identify any potential risks.
- The tools used in the engagement will also include non-commercial tools and command-line testing to ensure the accuracy, comprehensiveness and validity of the test and results.
- Interchange will inspect the source code of the client’s website for any reference to internal IP addresses or other information that could be exploited.
- Nine IP addresses are included in the service offering.

The report will also include recommendations for actions to remedy the identified vulnerabilities.
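The website source inspection described for the Gold Service can be automated with a small scanner. The Python script below is an added example and is not Interchange’s own tooling; the sample page source is constructed for illustration, and the private address ranges, internal domain suffixes and regular expressions are assumptions that a tester would tune to the client’s environment.

```python
"""Flag internal IP addresses and other exploitable details leaked in web
page source.  Added example; the HTML below is constructed, not a real site."""
import ipaddress
import re
from typing import List, Tuple

# Constructed sample page source (assumption: not from any real customer).
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<!-- TODO: remove before go-live; staging db is at 10.1.2.3 -->
<link rel="stylesheet" href="http://192.168.10.5/static/site.css">
<script src="https://cdn.example.com/app.js"></script>
<meta name="generator" content="ExampleCMS 4.2.1">
</head><body>
<a href="http://intranet.corp.local/wiki">Staff wiki</a>
<img src="http://203.0.113.9/logo.png">
<form action="/login" method="post"></form>
</body></html>
"""

# RFC 1918 private ranges plus loopback and link-local: any of these in a
# public page reveals internal addressing.  203.0.113.9 (documentation range)
# is deliberately NOT listed so it is treated as an ordinary public address.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Assumed list of suffixes that typically name internal-only hosts.
INTERNAL_HOST_RE = re.compile(
    r"\b[\w.-]+\.(?:local|internal|corp|lan|intranet)\b", re.IGNORECASE)
# Generator meta tags give away the product and version running the site.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']',
    re.IGNORECASE)


def is_internal_ip(text: str) -> bool:
    """True if text parses as an IPv4/IPv6 address inside an internal range."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:          # e.g. "999.1.1.1" matched by the loose regex
        return False
    return any(ip in net for net in INTERNAL_NETS)


def find_leaks(html: str) -> List[Tuple[str, str]]:
    """Return (category, value) findings in page order within each category."""
    findings: List[Tuple[str, str]] = []
    for m in IPV4_RE.finditer(html):
        if is_internal_ip(m.group(0)):
            findings.append(("internal-ip", m.group(0)))
    for m in INTERNAL_HOST_RE.finditer(html):
        findings.append(("internal-hostname", m.group(0)))
    for m in COMMENT_RE.finditer(html):
        # Comments are reported whole for manual review; they often hold
        # developer notes, paths or credentials never meant to ship.
        findings.append(("html-comment", " ".join(m.group(1).split())))
    for m in GENERATOR_RE.finditer(html):
        findings.append(("software-version", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, value in find_leaks(SAMPLE_HTML):
        print(f"{category:18} {value}")
```

Run against saved copies of the site’s pages (including JavaScript and CSS files, which leak internal hostnames at least as often as the HTML does). Every hit still needs a human to judge whether it is exploitable, but the script turns a page-by-page read into a short list of candidates.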
Platinum Service:

The Platinum Service offering is as Gold but with the following additions:

- Mail servers will be identified and tested for vulnerabilities.
- The report will also include recommended countermeasures to address security issues, as well as the management and technical recommendations required to correct security concerns.
- The assessment can be conducted after hours if there is concern from clients or users.
- Password testing using password grinders and dictionary tools.
- PABX and RAS vulnerability assessment included.
- Twenty-five IP addresses are included in the service offering.

A Review Test is performed after six months but no later than 12 months after the original test.
Optional extras:

Optional additional services are also available upon request to address a broad spectrum of requirements:

- PABX and RAS vulnerability assessment.
- “Live” Denial of Service attacks can be conducted on the client’s request.
- Extra IP addresses may be tested.
- Quarterly “subscription” testing of systems to ensure continued and maintained security levels.