Security Audit and Testing
Security Audit
•
Mapping of accessible hosts by IP number and port
•
Information about each host including OS, versions of network software, etc.
•
List of all services and list of services that might be vulnerable
•
Information about network based on various public databases including Whois,
ARIN, RADB, SWIP, etc.
•
Detailed website analysis using various http search programs/scanners
•
Deeper testing can be done if requested, including software stack overflow testing,
boundary tests using various tools, java testing tools, etc.
•
Assessments and compliance for Sarbanes-Oxley and HIPPA.
Typical External Network Security Audit Report
Typical Security scans performed by SCN Research
• Aircrack
• AirSnarf
• Airsnort
• AMAP
• cgi-scan
• Cisco torch
• CryptCat
• CyberCop
• Ethereal
• Ettercap
• Dsniff
• Fakeap
• Fragrouter
• Hostapd-utils
• Kismet
• Metasploit
• NASL
• Nessus
• nmap
• NTP fingerprinting tool
• Packit
• Proxychains
• Sara
• Sendip
• SNMP fuzzer
• snmp-walk
• Snoop
• Snort
• SSLdump
• TCPDump
• TCPick
• Tcpsplit
• telnet/ping/ftp
• TFTP bruteforce tool
• Unicornscan
• VNC
• Whisker
• WPA-Supplicatiant
• Yersinia
• other utilities
A report is presented in a binder by network/city/location. Each program or report is divided into individual sections. A typical network report will contain:
•
Host list and whois report
•
CyberCop Scanner report
•
Sara Report (if applicable)
•
Nessus Scan (if applicable)
•
Sara raw data (if applicable)
•
Router access display (telnet to router)
•
One or more NMAP reports
•
CGI report if web servers present
The report is also available on CD/ROM
