Internet Security Assessments
An Internet Security Assessment answers the question "How easy is it to hack into the company from the Internet?". The scope of this test includes all infrastructure that is accessible from the Internet, such as web, mail and FTP servers, routers, and firewalls. The result of the test is a list of security problems discovered in the Internet-facing systems, arranged in order of severity, together with recommendations on fixing those problems.
To start the test, we require a list of network blocks or IP addresses provided by the customer. We scan the specified networks and identify accessible hosts. The list of hosts we have found is given to the customer to approve. This is done to avoid testing systems that do not belong to the customer and to avoid attacking critical systems that the customer does not want to be tested.
Once we have an approved list of systems to test, we scan each system to determine its purpose, OS, and the services that are visible from the Internet. We look for bugs and misconfigurations with a security impact in each host and service. If a problem is detected, we manually verify it by attempting to exploit it. If exploiting the problem might have an impact on the server, we first contact the customer and agree on the exact date and time of the test.
The Internet Security Assessment usually excludes custom web applications. For in-depth analysis of web application security, we recommend a web application test.
