A WinMill Software Network Vulnerability Assessment
is an independent, objective assessment of your organization’s
public-facing network. WinMill brings to the project our extensive
experience across all phases of secure software development, infrastructure
design, and IT auditing. The deliverable of a Network Vulnerability
Assessment is an assessment of the following:
• Intrusion Detection Methodologies. We evaluate
the intrusion detection system that you have in place (if any),
and determine its effectiveness. If there are specific types of
security breaches that are not being identified by your system,
we can show you how to fix the deficiencies.
• Public Facing Fingerprint. WinMill will probe
your network in order to determine your internal IP architecture
and services. This will tell us how much information about your
network an unauthorized user can access. We use publicly available
resources to perform this evaluation.
• Firewall Policy. You tell us what protocols and
services are supposed to be permitted through your firewall, and
we will compare these to the results of our testing. If there are
gaps, we can show you how to close them.
• Application Servers. WinMill will probe your
servers for known operating system and application vulnerabilities.
This assessment will tell you if patches need to be applied or your
configurations need to be modified.
• Penetration Mitigation. We will perform a second
set of vulnerability tests from inside your network. This procedure
allows us to determine how vulnerable you are to an employee security
breach, or to an external hacker who penetrates your firewall.
• Denial of Service Attacks. With written permission
from your management, WinMill will attempt to exploit vulnerabilities
in your website, applications, and/or network architecture in order
to cause system failure or network node failure. This will create
a Denial of Service. Confirming your resilience against an attempted
DoS attack provides the ultimate assurance that your network is
secure.
• Web Application Vulnerability Review. Time permitting,
WinMill will perform a vulnerability assessment of your custom web
applications. We will provide an analysis based on security risks
and potential vulnerabilities. This will enable you to evaluate
the level of secure design being applied to your custom application
code.
During the course of our assessment we will highlight potential
issues, make recommendations to improve security, and identify areas
that should be investigated further. The deliverable of this engagement
is a high-level document covering the points noted above as well
as the methodology used to test the vulnerability of the network.
The document will be delivered during a closing meeting where your
management and WinMill will discuss the findings and next steps.
A WinMill CISSP-certified security engineer oversees a Network
Vulnerability Assessment. This project may include significant client
participation. Please plan to make key staff members available as
needed. A basic Network Vulnerability Assessment includes 40 hours
of assessment and analysis and costs $10,000.
Note: A Network Vulnerability Assessment for larger or more
complex networks may require more than 40 hours to complete. We
will review your network before beginning the Assessment to determine
whether our Basic Assessment will be sufficient, or if your network
warrants a Premium Assessment.
Recommended Follow-Up Service:
Custom Security Consulting
Application Security Code Review