Security Audit
Mapping of accessible hosts by IP number and port
Information about each host including OS, versions of network software, etc.
List of all services and list of services that might be vulnerable
Information about network based on various public databases including Whois,
ARIN, RADB, SWIP, etc.
Detailed website analysis using various http search programs/scanners
Deeper testing can be done if requested, including software stack overflow testing,
boundary tests using various tools, java testing tools, etc.
Assessments and compliance for Sarbanes-Oxley and HIPPA.
Typical External Network Security Audit Report
Typical Security scans performed by SCN Research
Software used:
- Aircrack
- AirSnarf
- Airsnort
- AMAP
- cgi-scan
- Cisco torch
- CryptCat
- CyberCop
- Ethereal
- Ettercap
- Dsniff
- Fakeap
- Fragrouter
- Hostapd-utils
- Kismet
- Metasploit
- NASL
- Nessus
- nmap
- NTP fingerprinting tool
- Packit
- Proxychains
- Sara
- Sendip
- SNMP fuzzer
- snmp-walk
- Snoop
- Snort
- SSLdump
- TCPDump
- TCPick
- Tcpsplit
- telnet/ping/ftp
- TFTP bruteforce tool
- Unicornscan
- VNC
- Whisker
- WPA-Supplicatiant
- Yersinia
- other utilities as required
A report is presented in a binder by network/city/location.
Each program or report is divided into individual sections. A typical network report will contain:
Host list and whois report
CyberCop Scanner report
Sara Report  (if applicable)
Nessus Scan  (if applicable)
Sara raw data  (if applicable)
Router access display (telnet to router)
One or more NMAP reports
CGI report if web servers present
The report is also available on CD-ROM