Detection
External Intrusion Test
External Intrusion Test and Analysis identifies security weaknesses and strengths
of the client's systems and networks as they appear from outside the client's security
perimeter, usually from the Internet. The goal of External Intrusion Test and Analysis
is to demonstrate the existence or absence of known vulnerabilities that could be
exploited by an external attacker.
Service Methodology
SSG's skilled security professionals perform test, analysis, scan and attack procedures
from the Internet against contracted client locations. All activities are conducted during
client-specified times over a predetermined evaluation period.
To achieve the External Intrusion Test and Analysis goal, SSG security professionals:
- gather externally accessible configuration information
- scan client external network gateways to identify services and topology
- scan client Internet servers for ports and services vulnerable to attack
- attempt intrusion of vulnerable internal systems
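The four steps above, gathering reachable configuration, mapping gateways and services, then probing for vulnerable ports, all depend on two controls the text states later: activity stays inside the contracted networks and inside client-specified times. The following is an added example written for this page, not SSG's tooling: a scope-enforced TCP connect scan with banner grabbing. The contracted range (192.0.2.0/24, a documentation-only network), the port list and the testing window are assumptions chosen for illustration; the fake listener exists only so the example runs offline against a constructed target.

```python
"""Scope-enforced TCP service scan with banner grab (added example).

Not SSG tooling. The contracted range, port list and testing window below are
assumptions for illustration; replace them with the client's signed scope.
"""
import ipaddress
import socket
import threading
from datetime import datetime

# Assumed contracted scope: one Class C network (a /24, 256 addresses), which is
# what the standard service covers. 192.0.2.0/24 is a documentation-only range.
CONTRACTED_SCOPE = ("192.0.2.0/24",)
DEFAULT_PORTS = (21, 22, 25, 80, 110, 143, 443)


def in_scope(ip, scope=CONTRACTED_SCOPE):
    """True only if ip lies inside one of the contracted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in scope)


def within_window(hour, window):
    """Client-specified window as (start_hour, end_hour) on a 24h clock, start < end."""
    start, end = window
    return start <= hour < end


def grab_banner(ip, port, timeout=2.0):
    """TCP connect to ip:port; return (open, banner). Banner is the greeting, if any."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""          # open, but the service waits for the client to speak
        return True, data.decode("ascii", "replace").strip()
    except OSError:                 # refused, unreachable, or connect timeout
        return False, ""


def scan_host(ip, ports=DEFAULT_PORTS, scope=CONTRACTED_SCOPE,
              window=(22, 24), hour=None, timeout=2.0):
    """Scan one host; refuse out-of-scope targets and out-of-window runs.

    Returns {port: banner} for open ports. Raises PermissionError rather than
    silently skipping, so a mistyped target list aborts the run instead of
    touching a network the release does not cover.
    """
    if not in_scope(ip, scope):
        raise PermissionError(f"{ip} is outside the contracted scope {scope}")
    if hour is None:
        hour = datetime.now().hour
    if not within_window(hour, window):
        raise PermissionError(f"hour {hour} is outside the agreed window {window}")
    findings = {}
    for port in ports:
        is_open, banner = grab_banner(ip, port, timeout)
        if is_open:
            findings[port] = banner
    return findings


def start_fake_service(banner, host="127.0.0.1"):
    """Constructed target for offline use: a listener that greets with `banner`.

    Returns the ephemeral port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_fake_service(b"220 mail.example.test ESMTP ready\r\n")
    print(scan_host("127.0.0.1", [port], scope=("127.0.0.0/8",), hour=22))
    try:
        scan_host("198.51.100.7", hour=22)       # outside the assumed /24
    except PermissionError as e:
        print("refused:", e)
```

The scope and window checks run before any packet leaves the host, which is the property the legal release actually needs; a scanner that filters results after the fact has already probed the wrong network.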
SSG uses an intrusion methodology that mimics the process used by attackers to gain
access to information and systems at the client's site. The methodology combines
state-of-the-art testing techniques with unique security expertise to provide the
client with an independent assessment of its security posture. SSG security professionals
use a set of evaluation tools - public domain, commercial and "home built" - to gather
vulnerability information. Intrusion attempts are then performed using proprietary testing
techniques. Known network-based attacks applicable to the identified services are employed
in this process. Testing of the client's Internet connection is conducted from an external site.
SSG offers this service as a standard product only for Class C networks (a /24, up to
254 usable addresses). Contact SSG for information on Class B (/16) network testing.
Intrusion testing requires appropriate legal releases and waivers from the client.
SSG is committed to minimizing disruptions and avoiding damage to client systems. In no
case will SSG perform any actions prohibited by law.
Client Deliverables
SSG will deliver an External Intrusion Test and Analysis Report that contains an
executive security overview, list of vulnerabilities, recommendations for risk mitigation,
and a log of intrusion data obtained. The report will be delivered in bound hard copy and
in electronic form on diskette in Microsoft Word compatible format.
Client Benefits
The External Intrusion Test & Analysis allows the client to anticipate external attacks
that might cause security breaches, and to proactively reduce risks to its information,
systems, and networks. This proactive approach improves the security of the client's
networked resources and helps avoid the significant costs and uncertainties of dealing
with external attacks and security breaches. The results can also guide the secure
implementation or improvement of business conducted over the Internet. A client will
be able to conduct e-business and e-commerce operations with increased confidence in its
ability to protect valuable data, resources, and reputation.
Internal Intrusion Test
Internal Intrusion Test and Analysis identifies security weaknesses and strengths of
the client's systems and networks as they appear to internal users, operating within the
client's security perimeter. The goal of Internal Intrusion Test and Analysis is to
demonstrate the existence or absence of known vulnerabilities that could be exploited
by authorized internal users.
The Internal Intrusion Test and Analysis mimics an attack on the internal network by
a disgruntled employee or an authorized visitor having standard access privileges.
Internal intrusion testing is typically done on location at the client offices, but
alternative arrangements can be made.
Service Methodology
SSG professionals will, with the cooperation of their client point-of-contact,
masquerade as an authorized internal user of the client networks, usually as a
trusted visitor or contractor. Using laptops, SSG professionals perform test, analysis,
scan and attack procedures on the internal network and its hosts, especially the servers.
All activities are conducted during client-specified times, over a predetermined
evaluation period.
To achieve the Internal Intrusion Test and Analysis goal, SSG professionals:
- scan client internal servers to identify hosts, services and network configuration
- scan client internal servers for vulnerable ports and services
- monitor network traffic for user sensitive data (e.g., user passwords)
- attempt intrusion of internal systems
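The third step, monitoring internal traffic for sensitive data, is the one that most often yields credentials outright, because legacy protocols such as FTP, POP3 and HTTP Basic authentication carry usernames and passwords in cleartext. The following is an added example written for this page, not SSG's tooling: it runs over a constructed capture (the addresses, payloads and credentials are made up) represented as the (src, dst, dport, payload) tuples a sniffer would hand over, correlates USER/PASS pairs per flow, decodes Basic authentication headers, and reports passwords in redacted form so the finding can go into a report without the report itself becoming a credential leak.

```python
"""Cleartext credential detection over captured internal traffic (added example).

Not SSG tooling. Consumes (src, dst, dport, payload) tuples; the capture below
is constructed for illustration and every address and credential in it is fake.
"""
import base64
import binascii
import re

# Constructed sample of what a sniffer on an internal segment might observe.
SAMPLE_CAPTURE = [
    ("10.0.5.23", "10.0.1.10", 21,  b"USER alice\r\n"),
    ("10.0.5.23", "10.0.1.10", 21,  b"PASS Winter2024!\r\n"),
    ("10.0.5.41", "10.0.1.20", 80,  b"GET /intranet/ HTTP/1.1\r\nHost: intranet\r\n"
                                    b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"),
    ("10.0.5.41", "10.0.1.30", 110, b"USER carol\r\n"),
    ("10.0.5.41", "10.0.1.30", 110, b"PASS s3cret\r\n"),
    ("10.0.5.50", "10.0.1.40", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),  # TLS: opaque
]

PROTO_BY_PORT = {21: "ftp", 110: "pop3", 80: "http"}
USER_RE = re.compile(rb"^USER\s+(\S+)\r?\n", re.I)
PASS_RE = re.compile(rb"^PASS\s+(\S+)\r?\n", re.I)
BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)


def redact(secret):
    """Keep the first character so the finding can be matched, hide the rest."""
    return secret[:1] + "*" * (len(secret) - 1)


def extract_credentials(capture):
    """Return a list of {proto, src, dst, user, password} for every cleartext login seen.

    FTP and POP3 send USER then PASS as separate commands, so the username is held
    per flow until its PASS arrives; a PASS with no preceding USER is ignored.
    """
    pending_users = {}      # (src, dst, dport) -> username awaiting its PASS
    found = []
    for src, dst, dport, payload in capture:
        flow = (src, dst, dport)
        proto = PROTO_BY_PORT.get(dport)
        if proto in ("ftp", "pop3"):
            m = USER_RE.match(payload)
            if m:
                pending_users[flow] = m.group(1).decode("ascii", "replace")
                continue
            m = PASS_RE.match(payload)
            if m and flow in pending_users:
                found.append({"proto": proto, "src": src, "dst": dst,
                              "user": pending_users.pop(flow),
                              "password": m.group(1).decode("ascii", "replace")})
        elif proto == "http":
            for m in BASIC_RE.finditer(payload):
                try:
                    decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
                except (binascii.Error, UnicodeDecodeError):
                    continue        # malformed header, not a credential
                user, sep, password = decoded.partition(":")
                if sep:
                    found.append({"proto": proto, "src": src, "dst": dst,
                                  "user": user, "password": password})
        # anything else (including TLS on 443) is left alone: nothing readable
    return found


def report_lines(findings):
    """One redacted line per finding, suitable for the intrusion-data log."""
    return [f"{f['proto']} {f['src']} -> {f['dst']}: user={f['user']} "
            f"password={redact(f['password'])}" for f in findings]


if __name__ == "__main__":
    for line in report_lines(extract_credentials(SAMPLE_CAPTURE)):
        print(line)
```

Per-flow correlation matters more than it looks: on a busy segment the USER and PASS commands of different sessions interleave, and keying only on the destination would pair one user's name with another's password.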
The Internal Intrusion Test service uses much of the same methodology and employs many
of the same tools as the external intrusion test to evaluate the current security of
corporate internal networks. Internal intrusion focuses on:
- server operating system and application vulnerabilities
- protocol and network infrastructure vulnerabilities
- excessive or inappropriate user privileges
- internal controls and procedures
- internal "intra-walls" separating sub-networks
Special attention is paid to configuration errors or old software versions with widely
known vulnerabilities.
Client Deliverables
SSG will deliver an Internal Intrusion Test and Analysis Report that contains an
executive security overview, list of vulnerabilities, recommendations for risk mitigation,
and a log of intrusion data obtained. The report will be delivered in bound hard copy and
in electronic form on diskette in Microsoft Word compatible format.
Client Benefits
The Internal Intrusion Test & Analysis allows the client to anticipate internal attacks
that might cause security breaches, and to proactively reduce risks to its information, systems,
and networks. This proactive approach improves the security of the client's networked
resources and helps avoid the significant costs and uncertainties of dealing with internal
attacks and security breaches. The results can also guide the secure implementation or
improvement of business conducted over the Internet. A client will be able to conduct
e-business and e-commerce operations with increased confidence in its ability to protect
valuable data, resources, and reputation.