Vulnerability Assessment & Penetration Testing

The Enterprise Challenge

Strategic business initiatives to increase operational efficiencies, find new revenue sources, and improve customer service are all driving organizations to open up their networks and business processes to even more external users. For many organizations, this means an increased exposure to security threats and vulnerabilities.

Malicious attacks on your network can have severe consequences, such as disruption of service, business interruption, and lost revenue. Non-compliance with regulations can bring steep fines and bad publicity, which can further damage your reputation. Without the resources to stay on top of emerging threats and changes in regulatory requirements, companies can't effectively anticipate and counter new threats that may compromise information assets and compliance goals.

Let Cynosure Solutions Help You Protect Your Enterprise Against Intruders

Cynosure Solutions’ Vulnerability Assessment and Penetration Testing service is a critical step in mitigating risk. Using a proven methodology, automated testing tools, and manual audits, Cynosure Solutions’ experienced security consultants assess your networked environment and identify vulnerabilities and errant configurations, validate existing controls, prioritize high-risk vulnerabilities, and provide detailed remediation techniques that help reduce the risk of your networked systems being compromised.

Vulnerability Assessment

A Vulnerability Assessment identifies technical vulnerabilities in computers and networks, as well as weaknesses in policies and practices related to the operation of these systems. The Vulnerability Assessment identifies what services your hosts are offering, and whether or not the policies and procedures associated with them are in line with industry and company standards for security.

Cynosure Solutions Vulnerability Assessment Includes:

• Identification of applications and services on host devices (DHCP, TFTP, DNS, etc.).
• Review of communication protocols active on the system.
• Review of industry sources for notices of known vulnerabilities on host-based operating systems.
• Review of configuration and network diagrams of all network-related devices that are exposed on the perimeter of the network.
• Identification of unneeded services on network devices (DHCP, TFTP, DNS, small servers, etc.).
• Review of CERT notices for known vulnerabilities of network equipment.
• Recommendations for securing networking devices.
• Documentation of all findings, impact analyses, and recommendations in a final report.

Vulnerability Assessment Services

External Vulnerability and Penetration Testing

For a complete and consistent approach, Cynosure Solutions utilizes industry best practices and methodologies for penetration testing, such as the Open Source Security Testing Methodology Manual (OSSTMM) and National Institute of Standards and Technology (NIST). There are four major phases to the Internet vulnerability and penetration tests:

• Reconnaissance and Information Gathering
• Enumeration
• Vulnerability Scanning
• Attack and Penetrate (Optional) 

Internal Vulnerability Assessment

Cynosure Solutions designs its Internal Vulnerability Assessment to find existing vulnerabilities in internal hosts, such as servers, workstations, printers, routers, switches and other network devices and infrastructure components. In addition, Cynosure Solutions will attempt to determine the root causes of the vulnerabilities identified. 

Password Cracking/Recovery 

The objective of this review is to ensure the target systems have appropriate password requirements in place and that users are creating strong passwords that are not easily enumerated. Online password cracking is possible for certain protocols, such as Telnet, Windows, SSH and HTTP.

Internet Infrastructure Security Assessment

Cynosure Solutions will perform a hands-on assessment of the configuration of your Internet architecture, including: 

• Firewall 
• Architecture and Design
• DMZ Host Vulnerability Assessment
• Managed Security Services – Service Level
• Testing 

Social Engineering 

Cynosure Solutions will also evaluate human weakness, including:

• Phishing 
• Dumpster Diving 
• Pre-Text Calling
• Baiting (Physical & Logical) 

Wireless Security Assessment

Cynosure Solutions will evaluate the configuration of your 802.11x wireless network implementation, including:  

• Rogue Access Point Detection 
• Ad-hoc Wireless Device Detection
• Wireless Architecture Review 
• Wireless Encryption Key Cracking

For more information, or to schedule a consultation, please email us.