External Security Assessments

External Security Assessments are intended to evaluate the overall security posture of the enterprise from the perspective of an anonymous source on the Internet.  It focuses on services that the enterprise makes available through their perimeter across the Internet. We start with a process called “Fingerprinting,” where we do reconnaissance on the target organization by reviewing public sources of information (such as the network registrars, DNS servers, email servers, routing tables, Social Media, etc.) to evaluate the potential information that is available for an anonymous attacker to gather as base information to start an attack or which provide information that allows an alternate route that might exploit a non-technical weakness.

Once fingerprinting is complete we perform technical testing with commercial tools from Qualys. We will mutually develop a scanning profile for the assets that we have determined are in scope for review. The vulnerability testing process gathers data on open ports and vulnerabilities for each selected asset exposed to the Internet. The Penetration testing process, if desired, seeks to exploit the identified weaknesses from the vulnerability testing process. The output from the assessment(s) are summary findings and recommendations. The reports typically includes root cause analysis of the data collected during the review which will offer the management team an itemized, prioritized view of remediation steps.

Learn more about iSphere’s Information Security services by e-mailing info@isphere.net or calling 1.800.210.3215.

 

Our Jobs

Search Our Jobs

 
 
info@isphere.net
800.210.3215