
Site Auditing

External

An External Review is an audit done remotely ("off-site") from outside the firewalled environment. It is done first as a blind and then as a knowledgeable penetration test to determine the extent and risk (if any) of an external attack. This audit is good for testing the configuration of a firewall and the respective WWW, FTP, email and other network services.

This scan and simulated attack are done remotely over the Internet. Preferably, this phase should be performed with limited disclosure (blind to all but select management) as an unscheduled external penetration assessment.

Penetration tests will be limited to probes so as not to cause disruption of business (in any manner).

Optionally (a), this may include attack and evaluation of modem dialup and physical security. This is accomplished via methods such as "wardialing." This procedure is used to scan for and detect misconfigured dialups and terminal servers as well as rogue and unauthorized desk modems.

Optionally (b), social engineering techniques can be attempted during this audit. Many experts consider social engineering to be the biggest threat to the security of most organizations.

Optionally (c), if this audit is aimed at securing a WWW site, source code audits of the CGI, Java, JavaScript, and ActiveX are advisable.

Typically, this type of audit may take one to three days depending on the site, network connectivity and complexity of services. If WWW site source review is requested, more time will be required.

Audit Techniques

As audits are being performed, a detailed, timestamped log is maintained of all actions. This log is used in the further testing of your site's logging facilities by comparing our team's logs with your company's site logs.
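
The log comparison described above can be sketched as follows. This is an added example, not NetraCorp's tooling: the log format, the field order, the 60-second clock tolerance and the function names are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from any real engagement).
# Audit team's log: UTC timestamp, source IP, target port, action label.
AUDIT_LOG = """\
2011-03-01T14:00:05Z 198.51.100.7 21 ftp-banner-probe
2011-03-01T14:02:30Z 198.51.100.7 25 smtp-banner-probe
2011-03-01T14:05:10Z 198.51.100.7 80 http-probe
2011-03-01T14:09:45Z 198.51.100.7 23 telnet-probe
"""
# Client site log: same fields without the label; its clock runs ~40 s ahead.
SITE_LOG = """\
2011-03-01T14:00:45Z 198.51.100.7 21
2011-03-01T14:05:52Z 198.51.100.7 80
2011-03-01T14:06:00Z 203.0.113.9 80
"""

def parse(text):
    """Yield (timestamp, src_ip, port, label) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1], int(parts[2]), " ".join(parts[3:])

def unlogged_actions(audit_text, site_text, tolerance=timedelta(seconds=60)):
    """Return audit actions with no matching site log entry within tolerance."""
    site = list(parse(site_text))
    used = set()  # each site entry may account for only one audit action
    missing = []
    for ts, src, port, label in parse(audit_text):
        match = None
        for i, (sts, ssrc, sport, _) in enumerate(site):
            if (i not in used and ssrc == src and sport == port
                    and abs(sts - ts) <= tolerance):
                match = i
                break
        if match is None:
            missing.append((ts.isoformat(), port, label))  # a logging gap
        else:
            used.add(match)
    return missing
```

Each returned tuple is an audit action the site's logging did not record, which is the gap the comparison is meant to surface. A tolerance tighter than the real clock skew reports false gaps, so the skew between the two clocks should be measured first.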

Penetration tests will be limited to probes so as not to cause disruption of business (in any manner).

All audits are done only with written permission from a company officer on company letterhead. If necessary, a hold-harmless will be requested.

No client information will be kept online or offline by NetraCorp or any of its employees or subcontractors after completion of the contract. All data will be returned to the client or destroyed.

 
 
Copyright © 1997-2011 NetraCorp, LLC -- All Rights Reserved.
SecurNET, Global Internet and Converg Media Search Optimization are all NetraCorp LLC Companies