
Vulnerability Assessment
We are serious about IT security, and this service in particular may reflect
that. Not continuously evaluating your security is a serious mistake that can
become expensive. What's more, most international standards put emphasis on
continuous evaluation. Our Vulnerability Assessment service gives you a full
evaluation of the threats against your computer environment and the effects
of vulnerability exploitation in it.
Our consultants look for known vulnerabilities in network services, known or
unknown web application bugs, the possibility to penetrate security
mechanisms, configuration errors, forgotten/neglected services, information
leakage (private information, business intelligence, financial information,
internal reports, documentation, etc.) and legal aspects (privacy policy,
acceptable use policies, etc.).
The audit is conducted in full compliance with the
Open Source Security Testing Methodology Manual (OSSTMM)
(PDF file) - the most widely used, accepted and comprehensive methodology for
testing security to date. OSSTMM complies with and goes beyond the guidelines in
ISO/IEC 17799, HIPAA (US), BDSG (Germany), NIST SP 800-42, and several other
standards and privacy acts.
tigerteam.se conducts all identification steps in OSSTMM
concerning TCP/IP networking and computer security. We don't do the actual
penetration tests, which allows us to do more on a lower budget.
All OSSTMM identification steps we conduct are documented under
Section C - Internet Technology Security (page 42). The modules are:
- Logistics and Control: Initial assessment to determine the stability of communication with the target.
- Network Surveying: Basic network information, ISP information, cached information on the Internet about past/present connections into the target network (forums, mailing list archives, P2P networks).
- System Services Identification: Port scanning revealing a full network map, Operating Systems, version signatures of services, patch level, etc.
- Competitive Intelligence Review: A comprehensive investigation conducted on the Internet for data that can be categorized as Business Intelligence.
- Privacy Review: Assessment of disclosures, compliance with expressed privacy policy and actual privacy, information disclosed in marketing or advertisement, assessment of any publicly available private/confidential information, etc.
- Document Grinding: Profiling of the organization, its employees, partners, competition, etc. (AKA Digital Dumpster Diving).
- Vulnerability Research: Two or more state-of-the-art vulnerability scanners are used together with manual assessment to determine any application/network/OS vulnerabilities, the possibility of exploitation of services, Denial of Service attacks, etc.
- Router and Feature Identification: The type of router/gateway used, types of traffic allowed to flow, etc.
- Trusted Systems Testing: Possible trust relationships between systems, found vulnerabilities mapped against systems with trust relationships, listing possible ways to spoof, etc.
We can also teach your organization how to conduct continuous self-assessments
of your IT security. tigerteam.se consists of hackers, and we will more
than happily show you how to best understand the criminal hackers who want to
enter your computer systems. Read more under Training.
Contact michel.blomgren tigerteam.se for more information.