AUDITING SERVICES

Network Evaluation is ready and able to provide you with the information you need to protect your network, whether the threat is internal or external.

The purpose of auditing is to inform management of the actual state of affairs. This can serve as an independent verification for the IT department, a validation of the effectiveness of the IT staff, or as a "sanity-check" of requested or planned projects.

  • Get a free 30-minute telephone consultation to find out where you stand, risk-wise
  • Get the information you need now to protect your resources (prioritized reports)
  • Identify the hidden "gotchas" that represent a threat from knowledgeable hackers
  • Make your network function more efficiently and effectively

Sample auditing report available here.

For more information about auditing and penetration testing services, please Contact Us


All vulnerability audit reports follow the SANS/FBI (NIPC) Top 20 vulnerabilities list as specified by the joint recommendations of the SANS Institute and the FBI's National Infrastructure Protection Center.

Network Evaluation will then make or prescribe the necessary changes, at your option, and prescribe the purchase of additional hardware or software as required. If requested, Network Evaluation will install and configure those items for seamless operation within your environment.

Note: All auditing activities will require verifiable, written permission and/or proof of ownership for the target organization, and a formal signed contract. This is required to protect both the audit's target and Network Evaluation.

Auditing consists of many types of testing. Not all auditing is appropriate, or desired, for all networks. Because of this, and individual client requirements, each auditing project is individually proposed and bid. The pricing is affected by the number of hosts to audit, the types of tests to be performed, and the number of repetitions desired (to validate changes).

The different types of testing available are broken out here to illustrate the options available.

Network Discovery - This simple audit provides you with a complete inventory of all identifiable systems on your network. This can be performed from inside or outside your network according to need.

Patch Audits - This series of tests identifies specific vulnerabilities (many in the SANS/FBI Top 20 list) that exist because of failure to keep all affected systems up to date. It does not address configuration errors, sample files, inappropriate/unauthorized applications or any other user-configurable settings or software.

SANS/FBI Top 20 Audit - Gives you the information needed to address the most critical vulnerabilities, as determined by an international consortium of security experts and analysts - Recommended for all systems, but especially for those facing the Internet.

Name Server (DNS) Audit - A name server that is not correctly configured can cause all of your other services to be unavailable. If it is allowing queries from unauthorized sources, then outside attackers can gain threatening insight into the structure and nature of your network. Network Evaluation will analyze and report on those aspects of your Name services that threaten proper operation or present avoidable risks.

Port Scan Audit - A port scan audit consists of two separate parts. 1) Checking all systems in the audit target(s) to see what systems are offering what "services" (intended or not); and 2) Tracking down the actual "service", should it turn out to be unwanted by management.

Penetration Testing Audit - A penetration test is a formal, planned "attack" on your network, with the objective of finding the vulnerabilities on any of your systems that can be exploited to gain entry to, or compromise, any of your systems. This audit emphasizes the combination of many different types of test results with known techniques to obtain access.

Firewall Audit - Complete analysis of your Firewall-1, Cisco PIX or other commercial firewall. We will identify the unnecessary rule overlaps, inconsistencies, outdated rules, inadvertent security holes and other threats to safe, efficient operation.

Complete Vulnerability Audit - An expansion of the Top 20 Audit which tests more exhaustively, searching out as many vulnerabilities as can be identified, using several specialized tools. Many of these are unique to Network Evaluation, providing more detailed information than is available elsewhere.

Complete IT Audit - This encompasses the technical aspects mentioned above, and includes interviews with your management and staff to identify practices, policies, procedures, expectations, inconsistencies and other behavioral issues, which can affect the operation of IT Departments and Operations.

Meeting Network Security & Control Requirements: (408) 395-3921