Evaluation is ready and able to provide you with the information
you need to protect your network, whether the threat is from
internal or external threats.
purpose of auditing is to inform management of the actual state
of affairs. This can serve as an independent verification for
the IT department, a validation of the effectiveness of the IT
staff, or as a "sanity-check" of requested or planned
a free 30 minute telephone consultation to find out where
you stand, risk-wise
the information you need now to protect your resources
the hidden "gotchas" that represent a threat from knowledgeable
your network function more efficiently and effectively
auditing report available here.
more information about auditing and penetration testing services,
please Contact Us
vulnerability audit reports follow the SANS/FBI (NIPC) Top20
vulnerabilities list as specified by the joint recommendations
of the SANS Institute and the FBI's National Infrastructure Protection
Evaluation will then make or prescribe the necessary changes,
at your option, and prescribe the purchase of additional hardware
or software as required. If requested, Network Evaluation will
install and configure those items for seamless operation within
All auditing activities will require verifiable, written permission
and/or proof of ownership for the target organization, and a
formal signed contract. This is required to protect both the
audit's target and Network Evaluation.
consists of many types of testing. Not all auditing is appropriate,
or desired, for all networks. Because of this, and individual
client requirements, each auditing project is individually proposed
and bid. The pricing is affected by the number of hosts to audit,
the types of tests to be performed, and the number of repetitions
desired (to validate changes).
different types of testing available are broken out here to illustrate
the options available.
- This simple audit provides you with a complete inventory of
all identifiable systems on your network. This can be performed
from inside or outside your network according to need.
- This series of tests identifies specific vulnerabilities (many
in the SANS/FBI Top 20 list) that exist because of failure to
keep all affected systems up to date. It does not address configuration
errors, sample files, inappropriate/unauthorized applications
or any other user-configurable settings or software.
Top 20 Audit
- Gives you the information needed to address the most critical
vulnerabilities, as determined by an international consortium
of security experts and analysts - Recommended for all systems,
but especially for those facing the Internet.
Server (DNS) Audit
- A name server that is not correctly configured can cause all
of your other services to be unavailable. If it is allowing queries
from unauthorized sources, then outside attackers can gain threatening
insight into the structure and nature of your network. Network
Evaluation will analyze and report on those aspects of your Name
services that threaten proper operation or present avoidable
- A port scan audit consists of two separate parts. 1) Checking
all systems in the audit target(s) to see what systems are offering
what "services" (intended or not); and 2) Tracking
down the actual "service", should it turn out to be
unwanted by management.
- A penetration test is a formal, planned "attack"
on your network, with the objective of finding the vulnerabilities
on any of your systems that can be exploited to gain entry to,
or compromise any of your systems. This audit emphasizes the
combination of many different types of test results with known
techniques to obtain access.
Audit - Complete
analysis of your Firewall-1, Cisco Pix or other commercial firewall.
We will identify the unnecessary rule overlaps, inconsistencies,
outdated rules, inadvertent security holes and other threats
to safe, efficient operation.
- An expansion of the Top 20 Audit which tests more exhaustively,
searching out as many vulnerabilities as can be identified, using
several specialized tools. Many of these are unique to Network
Evaluation, providing more detailed information that is available
- This encompasses the technical aspects mentioned above, and
includes interviews with your management and staff to identify
practices, policies, procedures, expectations, inconsistencies
and other behavioral issues, which can affect the operation of
IT Departments and Operations.