|
The VISTA penetration study and Internet
security test is much more sophisticated than just scanning ports.
As a hacker would begin, we also begin by conducting a comprehensive
port scan. The TCP and UDP port scans provide vital information
about the open ports from which critical data is obtained. This
critical data provides the in-depth penetration-vulnerability
information necessary for the Internet security audit.
With the information gathered from initial port
scan, we perform a network discovery that depicts the network
topology, access points to the network, machines names, IP
addresses, operating systems, and discovered services, such as HTTP,
SMTP, Telnet, SNMP, etc. With this captured information, the
appropriate vulnerability is selected out of over 5,000 know
vulnerabilities; the appropriate test is performed, and results
interpreted.
The penetration security risk assessment,
includes all routers, switches, hubs, firewalls, servers,
workstations, printers, and wireless access devices.
During the testing, detection and auditing
databases includes PostgreSQL, Oracle, SQL Server, MySQL, Microsoft
SQL, and
Sybase. These tests for vulnerabilities or erroneous configurations
show the possible access points that would allow for information
leaks, theft of data and confidential customer information,
unauthorized penetration that could lead to intrusion, and denial of
service attacks.
The testing is further capable of identifying
viruses, backdoors, worms, Trojans, and other malicious
applications. This testing is accomplished by sending specially
crafted packets to the accessed host and analyzing the response.
|
