|
The VISTA penetration study and Internet
security test is much more sophisticated than just scanning ports.
As a hacker would begin, we also begin by conducting a comprehensive
port scan. The TCP and UDP port scans provide vital information
about the open ports from which critical data is obtained. This
critical data provides the in-depth penetration-vulnerability
information necessary for the Internet security audit.
With the information gathered from initial port
scan, we perform a network discovery that depicts the network
topology, access points to the network, machines names, IP
addresses, operating systems, and discovered services, such as HTTP,
SMTP, Telnet, SNMP, etc. With this captured information, the
appropriate vulnerability is selected out of over 5,000 know
vulnerabilities; the appropriate test is performed, and results
interpreted.
The penetration security risk assessment,
includes all routers, switches, hubs, firewalls, servers,
workstations, printers, and wireless access devices.
During the testing, detection and auditing
databases includes PostgreSQL, Oracle, SQL Server, MySQL, Microsoft
SQL, and
Sybase. These tests for vulnerabilities or erroneous configurations
show the possible access points that would allow for information
leaks, theft of data and confidential customer information,
unauthorized penetration that could lead to intrusion, and denial of
service attacks.
The testing is further capable of identifying
viruses, backdoors, worms, Trojans, and other malicious
applications. This testing is accomplished by sending specially
crafted packets to the accessed host and analyzing the response.
Yennik, Inc. uses Qualys, Inc. a worldwide leader in
providing vulnerability assessment services. Qualys performs over
150 million scan a year. While we use their QualysGuard vulnerability assessment program and technicians,
we actual control and run your external VISTA. QualysGuard is
state of the art commercial vulnerability analysis software to perform the vulnerability test of the configuration of
your Internet connection to your computer operations. The
QualysGuard knowledge base of exploits is constantly updated, which
ensures that at the time of the test all know vulnerabilities were tested.
Qualys employs multiple sources to updating the knowledge base, including
Bugtraq (a list of new vulnerabilities published and updated by Security
Focus, Inc.), hacking sites monitored by Qualys, and the research of
Qualys' own security engineers.
QualysGuard PCI has been approved by the PCI Council to provide PCI
scanning services. The Payment Card Industry Data Security
Standard, known as PCI DSS, is a global security standard developed
by the major credit card brands as a guideline to help organizations
that process credit card payments protect sensitive customer data.
QualysGuard PCI is the only, fully-automated on demand PCI
compliance solution that helps both Acquiring Institutions and
Merchants automate PCI compliance.
Qualys,
Inc., the pioneer of Managed Vulnerability Assessment, enables Yennik,
Inc. to remotely and automatically audit
Internet-connected networks for security vulnerabilities. Qualys'
service platform approach enables immediate, transparent and continuous
security auditing and risk assessment of global networks, inside and
outside the firewall. Founded in 1999 by a team of Internet
security experts, Qualys is headquartered in Redwood Shores, California,
with offices in France, Germany and the U.K.
VISTA home page |
