CYBER SECURITY SERVICES ASSESSMENT & REMEDIATION
Phase 1 – Remote Assessment
All services listed in Phase 1 will be completed remotely. Assistance will be required from one of the Client’s employee on site in the second half of Phase 1. The first portion of Phase 1 will be completed without internal assistance to replicate a targeted hack attempt. This will be a non-exploitive test. The Partner will report on identified vulnerabilities or weaknesses but the Partner will not attempt to actively exploit the findings. The Client must designate external public IP addresses to be tested.
- Layer 3 Penetration Testing
- VPN Penetration – Testing all aspects of VPN tunnels that may be active and visible to testing procedures.
- Edge Firewall Configuration Testing – Testing all aspects of the edge firewall device, identification and vulnerability assessment of firewall
- End-Point Discovery, Port Discovery
- Local Area Network Topography Mapping
- Service Route Discovery
- Wireless LAN Route Exploitation
- Edge Router Penetration & Exploitation (Vendor Specific Vulnerabilities)
- Wireless LAN PSK Encryption Exploitation
- Google Apps Penetration
- End-Point Application Vulnerability (Drop Box, Cloud Sharing, Out-of-date, etc)
- DDoS Resilience
- DDoS Probe
Phase 2 – Onsite assessment
Physical inspection of systems, networks, connectivity, access controls, configuration management, and security policy review for completeness.
- Layer 1 Security Testing
- Testing Malware resilience
- Direct Access o Single User Sign On, Admin password elimination
- Key Scan, Key Log Audit and penetration
- Data Vulnerability Assessment (Desk, Office)
- User space exploitation (Operating System Exploitation)
- End-Point Vulnerability Assessment
A formal report will be issued at the completion of both phases that will include an overview of the findings from our assessment, as well as any recommendations regarding remediation. A copy of the full testing results will be included as an appendix to our report. All of our reports are in electronic PDF format via a secure website or via secure email. Report turnaround time is one to two weeks following the conclusion of the assessment. Expedited issuance of reports is available upon request and may incur additional charges.