|
|
|
ASA™ - Annual Security Agreement + Web
| ASA™ offers Regular NAVA™ / WAVA™ reports and periodic checklist publication targeting different operating systems. The audit identifies MPOE (Minimum Point of Entry) to point out vulnerabilities such as
|
- Network/OS Layer:
Network/OS Layer (NAVA™): ISnSC will test the application level hosting any System, this will involve a vulnerability assessment of the running services (web servers, FTP, Listening Services) and the Operating system, such as:
- Unsecured Accounts
Null Password, Admin no PW, no PW expiration…
- Unnecessary Services
VNC, PCAnywhere, KaZaa, Telnet…
- Backdoors
Spyware (KaZaa, DownloadWare, 180 Solutions, GAIN), MyDoom.A
- Mis-configurations
- Netbios shares, Anonymous FTP world read/write, hosts.equiv…
- Software Defects (Missing Patches)
- Buffer overruns, RPC-DCOM, SQL Injection…
- Web Application Layer:
ISnSC will “black box“ test the WEB application system, against
SQL injections, Sessions, Input Validations.
- Authentication Layer:
ISnSC will review the Authentication methods used in the WEB
system either to logon to the system or to initiate transactions against
Accountability, Non-Repudiation and Privacy.
- Authorization Layer:
Client will supply ISnSC with a demo account to be used at this stage. ISnSC will try to use this logon to test the
WEB system against privilege escalation or accessing other Clients
account information.
Services covered within ASA™ are:-
- Regular Network/Web Vulnerability Assessment ( Monthly / Quarterly / Semi-Annually)
- Remote Host Security:
- Design and build solutions to protect server, including OS hardening using SSH
/ RDP.
- Remote Managed Security Services:
- Assisting Network Administrators in deploying Preventative Security Measures
- Cyber Incident Forensics:
- Investigating security breaches. Limited to 2 incidents per year.
Stay one step ahead
|
|