Network and Internet Security

Network Vulnerability Assessments and Penetration Testing

Firms utilize the Internet to expand their business and provide reliable and timely customer and employee communications. They must address the risks to their business from hackers, disgruntled employees and systems users. Changes in attack vectors, increases in attack sophistication and evolving complexity of systems and compliance burdens create increased liability from security incidents and lack of due care. Are the control measures you have in place functioning and can they be relied upon? Do these controls and monitoring procedures react fast enough to changes in attack sophistication and approach? How do you know?

FDC Associates has extensive experience in Network Vulnerability Assessments and Penetration Testing for clients in Finance, Banking, Health Care and the Insurance industry. Our staff has over 10 years of experience with industry scanning and mapping tools, public domain utilities and proprietary vulnerability identification and analysis software to answer your questions.

Our Vulnerability Assessment Process

A thorough vulnerability assessment shows the complete network security posture. We review measures that protect your network from external or Internet-based attacks, as well as attacks that originate within the organization or "on the inside." These multiple vantage points permit us to assess attack vulnerabilities available to the unauthorized user, the authorized user and the network administrator. Trust relationships, security and application architecture (including the appropriate use of DMZs), operating system vulnerabilities, security patch management and database configurations are all considered in the evaluation process. We seek to identify true exposures and vulnerabilities. A weakness in one control is evaluated against a strong compensating control in another area, resulting in an accurate assessment of your protection measures.

Our starting point is an information reconnaissance that we perform to find out as much as possible about your business and Internet presence and supporting infrastructure. Network and system diagrams are reviewed and used to conduct a thorough analysis of information, data flows and storage locations. Social engineering is performed to determine how much information can be obtained from your employees and how this information could be used to promote a compromise of telecommunication security.

During vulnerability testing we utilize a variety of commercial and open-source scanning tools to perform an exhaustive review for vulnerabilities on the identified computer hosts, including analysis of web applications, databases, server platform security and wireless access points.

Data analysis is performed by FDC Associates' expert staff, who analyze and assimilate the information using proprietary vulnerability and risk analysis software. The end result is a clear, comprehensive report that documents our findings and identifies the risks in accordance with the National Institute of Standards and Technology (NIST) information quality standards, using the Common Vulnerability Scoring System (CVSS) database and rating system criteria. Finally, each identified concern has our remediation recommendation and references to any tools, patches or procedures necessary to effect the solution.

Our Penetration Testing Process

FDC Associates has developed a structured penetration testing methodology that securely and effectively determines if the control measures can be bypassed by actively exploiting the identified vulnerabilities. Building on the documented vulnerabilities, our security engineers drill down into specific areas to prove or disprove that a true control weakness exists. Using a variety of structured tools, including known weak default passwords, cross-site scripting, SQL injection and Open Database Connectivity (ODBC) and other transports, we seek to obtain root or administrator level access to your IT hosts, and/or access to system and sensitive data files.

Using our structured approach, our security engineers have been very successful at compromising control measures and recommending robust remediation solutions. For more information on how FDC Associates can provide IT Audit Solutions for your Network and Internet Security, complete an Information Request or Contact Us.