Home    About Us    Solutions    Technology    Careers    Contact

 

 

 

Vulnerability Assessments and Penetration Testing

New vulnerabilities, viruses, and variants of previously released malicious code are being discovered on a daily basis. Staying current with this information is an arduous task.

Systems may be integrated into a network with weak passwords, default configurations, or a lack of security testing due to time constraints.  Unauthorized systems may be added to a network without approval from the Information Systems Security Officer (ISSO) or other levels of management.   A network firewall could have open ports no longer needed (due to testing, or antiquated software).  Patches may not be applied at all, or more commonly, too infrequently, allowing systems with known vulnerabilities to be exposed and exploited by hackers.

How can a systems administrator, ISSO, and management gain confidence that their network is secure?  Unfortunately, a panacea does not exist, but techniques are available to minimize the risk of a network being compromised.

  • VDTG works closely with the customer to define an action plan based on the results of the audit, and to assist in tracking actions to ensure compliance.

  • VDTG understands that security should be designed and implemented with a defense-in-depth strategy to avoid single points of failure.

  • VDTG engineers are experts in utilizing the multitudes of security assessments  tools that are available in many forms, and can incorporate all, or just a few of the steps that usually comprise an audit: information gathering or reconnaissance (network discovery, enumeration, vulnerability and port scans), attack (remote and/or local penetration testing), privilege escalation, cleanup and report generation.

  • VDTG has experienced security professionals who understand the results of these tools, and can assign risk to the discovered vulnerabilities to prioritize the order in which they should be corrected.

  • VDTG has a broad range of IA experience, from architecture and design, network devices and administration, auditing techniques, and vulnerability assessments.

  • VDTG engineers understand defense in depth and can design, test, and implement enterprise security solutions. This experience makes VDTG extremely effective in evaluating the security of a network.

Copyright © 2005 The Van Dyke Technology Group, Inc.
Last modified: 04/13/05