Security Audits
Network &
Systems Security Audits
Security Vulnerability Research &
Exploit Attempts - analysis to determine all potential vulnerabilities
that exist for each network service running on each identified host.
This phase also includes additional analysis, confirming the presence
of these vulnerabilities on specific systems by exploiting identified
potential vulnerabilities and conduct secondary exploitation to
determine what additional vulnerabilities could be exploited when the
first-level vulnerabilities are compromised.
Outside to Inside - Y1’s methods
approximate closely what an external hacker would face trying to break in.
Y1SEs will use a suite of sophisticated tools, ranging from
freeware to tools
that are proprietary to Y1 security partners developed with many years of
operational experience. Y1’s
Security Audit can help an organization effectively and objectively
understand the security state of the network and identify areas to
improve.
Inside to Outside - The internal
assessment begins where the external assessment concluded.
Because extensive remote probes of vulnerabilities discovered
during the external assessment would make an organization’s data
vulnerable to interception, Y1SEs will conduct the audit from inside the
organization perimeter security devices (e.g., a firewall) via an internal
LAN connection. This method permits a more secure and efficient means of
analysis.
The
internal portion of the assessment is particularly important because the
internal network is most often overlooked in network security management.
Many organizations have strong external defenses but almost
nonexistent internal defenses. The internal audit will show to what extent an internal user
could create damage, and allow the Y1SEs to identify the most efficient
means of securing the network.
|
