Security Audit and Testing

Security Audit
Mapping of accessible hosts by IP number and port
Information about each host including OS, versions of network software, etc.
List of all services and list of services that might be vulnerable
Information about network based on various public databases including Whois,
  ARIN, RADB, SWIP, etc.
Detailed website analysis using various http search programs/scanners
Deeper testing can be done if requested, including software stack overflow testing,
  boundary tests using various tools, java testing tools, etc.
Assessments and compliance for Sarbanes-Oxley and HIPPA.

Typical External Network Security Audit Report
Typical Security scans performed by SCN Research

Software used:
Aircrack
AirSnarf
Airsnort
AMAP
cgi-scan
Cisco torch
CryptCat
CyberCop
Ethereal
Ettercap
Dsniff
Fakeap
Fragrouter
Hostapd-utils
Kismet
Metasploit
NASL
Nessus
nmap
NTP fingerprinting tool
Packit
 
Proxychains
Sara
Sendip
SNMP fuzzer
snmp-walk
Snoop
Snort
SSLdump
TCPDump
TCPick
Tcpsplit
telnet/ping/ftp
TFTP bruteforce tool
Unicornscan
VNC
Whisker
WPA-Supplicatiant
Yersinia


other utilities

A report is presented in a binder by network/city/location. Each program or report is divided into individual sections. A typical network report will contain:

Host list and whois report
CyberCop Scanner report
Sara Report   (if applicable)
Nessus Scan   (if applicable)
Sara raw data   (if applicable)
Router access display (telnet to router)
One or more NMAP reports
CGI report if web servers present

The report is also available on CD-ROM