VISTA Phase I
After we have received your authorization, we start working with you and will conduct the Vulnerability Internet Security Test Audit (VISTA) as soon as possible. Normally, you will receive the final reports in one to two business days.
The VISTA does not trigger a Denial of Service because the audit allows for a variable bandwidth load (low, medium, high, and maximum) on the machines it is scanning. We always conduct the testing using "low" bandwidth so that there is no interference with your operations. The VISTA closely monitors the response time (through RTT, response-time tests) and dynamically adjusts the load appropriately so that you will probably not even notice when the VISTA is conducted.
VISTA Phase II
Through a secure, SSL, browser-based connection we log in to your supplied IP address and scan the active IP addresses. With the IP addresses you supply, we are able to scan and identify all network devices accessible via the Internet.
These devices may include routers, switches, hubs, firewalls, Web servers, mail exchangers, UNIX and NT servers, workstations, desktop computers such as PCs and Macintoshes, printers, and other network appliances.
List of Vulnerabilities scanned.

Devices identified:
• Routers
• Administrable Switches
• Administrable Hubs
• Operating Systems
• Firewalls
• Web Servers
• FTP Servers
• LDAP Servers
• Load Balancing Servers
• Databases
• E-commerce

Devices scanned:
• DNS and bind
• Back doors and Trojan horses
• CGI
• Databases
• E-commerce
• File Transfer Protocol
• Firewall
• MS Front Page
• General Remote Services
• Hardware & Network appliances
• Information services (NIS, LDAP, WHOIS)
• Information gathering
• Mail services
• News server
• SMB/Netbios Windows file sharing
• SMTP and Mail Transfer
• SNMP
• TCP/IP stacks
• Web server
• MS Windows
• X-Window
VISTA Phase III
During the analysis phase, the Knowledge Base uses its up-to-date database
to test for vulnerabilities. Multiple sources and methods are
employed in updating the Knowledge Base. These methods include the monitoring of hacking sites and research conducted by
our service provider's dedicated engineers. Our service provider has partnered with
Security Focus (the leading publisher of vulnerabilities) to ensure that
the knowledge base is fully current.
VISTA Phase IV
Once the identification and analysis phases are completed, we provide easy-to-understand HTML reports that summarize the security of network devices. At this time, if you are not satisfied with our service, you shall owe us nothing.
• Summary Information
• Network Information
• Host Information
• Vulnerabilities Detected
• Severity Levels
• Potential Consequences
• Recommended Fixes (w/ patches)
We also generate a Management Summary, which contains a global view of the security level of all external network IP addresses and the changes since the last scan. Sample HTML reports:
VISTA Phase V
With 34 years of IT auditing experience, we provide a written report to your Board of Directors that assures them that the vulnerability test was conducted properly and that the reported results are accurate. We are a member of the Information Systems Audit and Control Association and adhere to the Standards for Information Systems Auditing and the Code of Professional Ethics.