Internal Vulnerability Testing

The E3 Internal Vulnerability Assessment provides your organization with a clear understanding of the risks present on your internal network. Many organizations face a number of threats from internal sources including disgruntled, careless, or bored employees. It is important for each organization to understand the risks posed by each system within the organization. E3 can provide the understanding by carefully analyzing internal systems to determine any weaknesses.

Process
E3's Internal Vulnerability Assessment service follows the basic process outlined below:

  1. Attach scanning devices to internal network
  2. Find live hosts available for scanning (E3 will omit any sensitive devices if required)
  3. Conduct port scans of all live hosts
  4. Conduct vulnerability assessment using vulnerability scanning tools
  5. Verify vulnerabilities using manual scanning and verification techniques to eliminate false positives
  6. Write report of all vulnerabilities including remediation steps
  7. Review report with internal staff

 
Items Reviewed
The following specific items are covered during the scope of an Internal Vulnerability Assessment:

  • Topology: Review of Internal Architecture and External Connectivity
  • Router / Infrastructure Security - verify default passwords have been changed, patches are current, and configurations are correct
  • Server Security (including Core applications) - insure correct segregation of duties exists, verify default passwords have been changed, patches are current, and configurations are correct
  • Network Sharing - verify that current sharing of documents is appropriate and meets current policy and procedure guidelines
  • File / Directory Access Control - along with the network sharing, we will review who has access to files and directories and verify if it meets the needs of the organization.
  • Intrusion Detection / Prevention - we will verify that your intrusion detection / prevention system is functioning correctly and that staff is correctly monitoring
  • Workstation Security - we will verify that patches are current, password controls are adequate, and that access controls are appropriate
  • Password security - we will review the organization's password policy and insure it is adequate and that it is being followed
  • Logging and Monitoring - we will review the methods used for logging, auditing, and monitoring of systems and insure that it is appropriate
  • Physical Security - We will review the organization's data center to insure that systems have adequate backup power and environmental controls

 

Are you interested in E3 Services? Do you want more information or a proposal? For more information or to receive a Request For Proposal questionnaire please contact us toll-free at (866) 585-8324 or via email at webmaster@e3tech.net.

© 2001-2010 E3 Technology, Inc. All rights reserved.