Security Audit and Testing
Security Audit
•
Mapping of accessible hosts by IP number and port
•
Information about each host including OS, versions of network software, etc.
•
List of all services and list of services that might be vulnerable
•
Information about network based on various public databases including Whois,
ARIN, RADB, SWIP, etc.
•
Detailed website analysis using various http search programs/scanners
•
Deeper testing can be done if requested, including software stack overflow testing,
boundary tests using various tools, java testing tools, etc.
Typical External Network Security Audit Report
Typical Security scans performed by SCN Research
• Aircrack
• AirSnarf
• Airsnort
• AMAP
• cgi-scan
• Cisco torch
• CryptCat
• CyberCop
• Ethereal
• Ettercap
• Dsniff
• Fakeap
• Fragrouter
• Hostapd-utils
• Kismet
• Metasploit
• NASL
• Nessus
• nmap
• NTP fingerprinting tool
• Packit
• Proxychains
• Sara
• Sendip
• SNMP fuzzer
• snmp-walk
• Snoop
• Snort
• SSLdump
• TCPDump
• TCPick
• Tcpsplit
• telnet/ping/ftp
• TFTP bruteforce tool
• Unicornscan
• VNC
• Whisker
• WPA-Supplicatiant
• Yersinia
• other utilities
A report is layed out in a binder by network/city/location. Each program or report is divided by a smaller divider. A typical network report will contain:
•
Host list and whois report
•
CyberCop Scanner report
•
Sara Report (if applicable)
•
Nessus Scan (if applicable)
•
Sara raw data (if applicable)
•
Router access display (telnet to router)
•
One or more NMAP reports
•
CGI report if web servers present
The report is also available on CD/ROM
