Network Threat & Vulnerability Assessment

The use of extranets and e-Business technologies opens organisations up to the outside world, and only through the effective use of security technologies can increased risks to company information assets be mitigated.

eSecure’s Network Threat & Vulnerability Assessment, also known as Network Penetration Testing, aims to provide an appraisal of the defences put in place to protect information assets from attack.

External Perimeter Network Penetration Testing

Perimeter network penetration testing is conducted from eSecure’s network assessment environment (or the customer’s simulated external network) and attempts to obtain unauthorised, external access. This type of testing is typically undertaken to assess the publicly accessible hosts within your network from the Internet. It allows you to understand the security posture of your externally visible network infrastructure.

Techniques such as strobing, port scanning, banner identification and analysis, vulnerability analysis and exploitation testing are used to assess the perimeter network from an external perspective.

Areas of focus and review during the external network assessment include infrastructure misconfigurations, outdated patch levels, default installs, use of extraneous IP services, insecure file and directory permissions, and default usernames/passwords. The assessment also provides a good understanding of the external controls that may protect (and hide) some of these potential vulnerabilities from the Internet.

Internal Network Penetration Testing

Internal network penetration testing can also be conducted from within the customer’s network to determine the risk of internal fraud or compromise of internal information and data resources. Similar scanning techniques are undertaken, although additional techniques such as packet sniffing may be used to identify information flows and the encryption mechanisms in use.

This typically involves the extensive use of scanning tools and manual testing for common vulnerabilities.

Areas of focus and review during the internal network assessment include infrastructure misconfigurations, outdated patch levels, default installs, use of extraneous IP services, insecure file and directory permissions, and default usernames/passwords. The assessment also provides a good understanding of the internal risk posture of your organisation.