
Internal Network Vulnerability Assessment and Security Review
Critical Defence’s Risk Management Team utilizes commercially
available, open-source and proprietary processes, tools and software
to perform an on-site vulnerability assessment and security review
of designated internal client networks, systems and devices.
Deliverables of a typical Internal Network Security Study include,
but are not limited to:
- Network Vulnerability Scanning: On-site scans using numerous
  commercial, open-source and proprietary tools will be run to
  collect information regarding the existence of known
  vulnerabilities.
- Password Cracking: Password cracking tools will be used to test
  compliance with both existing company password policies and
  industry-accepted best practices.
- Manual Testing: Hands-on inspection of design and configuration
  issues will be conducted to identify security issues outside of
  scanner detection capabilities. This includes an examination and
  assessment of security design issues, the firewall rule base, and
  router and server configurations.
- Vulnerability Analysis & Verification: All information collected
  will be analyzed to validate that each vulnerability actually
  exists on the target. If a discrepancy or potential false positive
  is identified, further testing will be conducted to validate the
  authenticity of the vulnerability.
- Vulnerability Prioritization: All identified vulnerabilities
  will be prioritized by severity level to assist in the planning and
  allocation of resources that will be required for remediation.
  Prioritization criteria include potential access granted and/or
  damage caused to network assets and resources, potential access to
  mission-critical systems and information, and the skill level
  required to perform a particular attack or exploit.
- Countermeasure Determination: One or more detailed
  countermeasures will be recommended for each vulnerability
  identified. The countermeasures will provide a roadmap for
  remediation.