Security evaluations are separated into two general catagories, an external or perimeter evaluation and an internal evaluation. NCC Networks provides a “Perimeter Defense” security evaluation and a “Full Network” security evaluation.
A “Perimeter Defense” consists a series of a “blind” information gathering session from the Internet followed by a series of simulated attacks from an Internet segment on the customer’s premises. These simulated attacks and other checks include:
Denial of Service
Intrusion
Port and Network segment scan
Operating System and Service vulnerability report
Inbound and Outbound Virus protection check
Trojan Intrusion Defense
Authentication Verification
Firewall Best Practices Check
Internet Router Best Practices Check
Recommendation Report
A “Full Network” security evaluation includes all of the checks and reports of a “Perimeter defense” evaluation plus an evaluation of devices on the internal network. The evaluation of these devices includes:
Server Operating System Vulnerability Report
SNMP Community String Check
Service Vulnerability Report
OpenPorts
/ Services Check
Secure Routing Best Practices
Authentication and Security Server system check
Recommendations Reports
After security audits are complete, an itemized report with explanations and results will be given. In these reports are details on the specific vulnerabilities found for each system and the recommended action to resolve each specific issue.
