Icon6.png

Internal Vulnerability Assessment - IVA

description

Our technical vulnerability assessment provides your organization with an understanding of technical risks present on your internal network. Many organizations face a number of threats from internal sources including disgruntled, careless, or bored employees. Or threats that originate from external sources that exploit weaknesses in internal network controls such as weak, poor or misconfigured systems and applications. It is important for each organization to understand these risks within the organization. E3 can provide clear understanding by carefully analyzing and testing internal systems to determine any weaknesses. 


TESTING OBJECTIVES

Our vulnerability assessments consist of automated scans as well as hand testing and validation. Examples of areas to be tested are:

  • Router / Infrastructure Security

Routers, switches, hubs, and other supporting devices will be examined for security, proper storage of passwords, account access logging, and correct configuration.

  • Server Security

Our review includes all operating system, application, and utility patches, security settings, and audit tracking. We evaluate the current level of password storage security, segregation of duties, and compensating controls. The servers' position in the network topology is also evaluated and our recommendations are both technical and specific in nature.

  • Application Account Policies

We will determine whether account policies conform to corporate standards and industry best practices. Account policies determine what restrictions are placed upon valid users. These include options such as the following: password length, password effective life, location users may login from, any time restrictions that are applied to users, etc. With security restrictions, it is important to remember that an effective security restriction allows authenticated users the minimum amount of freedom and still allows all necessary work to be completed without restriction.

  • Password Security

E3 will determine whether user account passwords conform to corporate standards and industry best practices regarding strength and composition. We also will review the password policy and its adherence at the domain level, core application and other key application with sensitive member data.

  • Secure Passwords

Secure passwords are difficult to maintain in that the very thing that makes a password secure makes it difficult to use. Long, complex, frequently changing passwords are certain to provide both users and administrators with unnecessary technical support incidents. E3 will test the organizations controls to prevent theft of passwords. E3 testers will also run password crack and password brute force attempts where applicable.

  • Workstation Security

We will review the security configuration of the desktops and laptops used across the organizations network. Workstation security guards against two distinct realms of risk. First, a risk exists if authorized users have the ability to inadvertently or maliciously compromise security. The second risk concerns unauthorized users 'piggy-backing' on an existing authorized user's session. This risk exists not only with users sharing passwords, but also in the cases where the business environment allows clients, vendors, and visitor's access to office space

Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324 or via email at webmaster@e3tech.net.
— Exceeding Every Expectation

External Vulnerability Assessment - EVA

description

Our External Vulnerability Assessment provides your organization with an understanding of the risks present on your systems with an Internet presence. External threats are those posed by external sources such as hackers, virus, and trojans to your systems that are accessible via the internet. Typical systems include firewalls, routers, VPN concentrators, web sites, email, and domain name servers. Testing will enumerate vulnerabilities and identify possible threats that the vulnerabilities pose. A vulnerability assessment does not attempt to exploit identified vulnerabilities.


TESTING OBJECTIVES

External testing includes the same basic stages as the internal penetration testing does:

  • Passive and Active information gathering

  • Vulnerability identification and ranking

  • Threat modeling and exploitation attempts

  • Detection avoidance

  • Denial of service attacks

  • Brute force attacks

Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324 or via email at webmaster@e3tech.net.
— Exceeding Every Expectation
Icon6.png

Active Directory Security Review

 

DESCRIPTION

In most organizations Windows Active Directory is foundational security control. Surprisingly many companies never bother to check if their AD environments are properly hardened. Frequently security feature that can be enabled by security groups, file share permissions, group and local policy are missing or inadequate. Our review focuses on how the organization uses AD security and how it compares to recommended best practices.


Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324 or via email at webmaster@e3tech.net.
— Exceeding Every Expectation
 
Icon6.png

Password Strength Review

 

DESCRIPTION

Are your password policies sufficient? Is it possible for a malicious hacker or insider to compromise passwords for sensitive systems or other users? We can perform testing to determine if your systems passwords are appropriate and adequately hardened against common attacks.


Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324 or via email at webmaster@e3tech.net.
— Exceeding Every Expectation
Icon6.png

Wireless Network Assessment - WNA

DESCRIPTION

Wireless networks by their very nature are accessible without needing physical access. Has your organized properly hardened its wireless environment? Have you checked for unauthorized Wi-Fi access points on your environment. Our wireless network assessment focuses on the appropriate security hardening mechanisms that should be employed and tests whether they are configured properly.


TESTING OBJECTIVES

Wireless testing consists of the following areas:

  • Wireless heat mapping and identification of wireless access points

  • Assess the ability for an unauthorized attacker to gain access to the

    wireless network

  • Wi-fi intrusion testing

  • Wi-fi brute force testing

  • Rogue access point analysis

  • Review of monitoring/alerting for intrusion attempts.

Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324.
— Exceeding Every Expectation