External & Internal Penetration
An external network service scan consists of identifying the service ports that respond to queries. This information provides a road map of the entry points into the customer's network that are available to external Internet users. The effort includes scanning all 65535 network ports on the customer's external devices and checking them for known vulnerabilities.
Once the external penetration test is complete, the internal network scan is executed. As with the external scan, internal testing starts by locating network devices behind the firewall by scanning a range of TCP/IP addresses (e.g. 10.10.10.0 through 10.10.10.255). As before, this effort includes scanning all 65535 network ports on the responding devices and checking them for known vulnerabilities. Identified vulnerabilities are then exploited within a controlled environment to gain additional network access. Responding addresses are used for further scanning of each device and for identifying the service ports that respond to queries. This data provides the detailed information needed to escalate privileges against internal network controls and to reach sensitive content.
Areas assessed during the internal and external audits:
- Well known service ports
- Operating system types and version
- Operating system and device vulnerabilities
- Registry related vulnerabilities
- File sharing related vulnerabilities
- Viruses, trojan horse programs, spyware, malicious code
- Programs with known security weaknesses
- Known system and network vulnerabilities
- Presence of database servers
- X-Windows Devices
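The external scan above is described as a road map of entry points; the check a defender wants from that road map is the list of listening services that were never meant to be reachable from the Internet. The following is an added example, not code from the original page or its author: it parses a constructed scan report (addresses from the documentation range 203.0.113.0/24, not a real customer) and compares it against a hypothetical approved-exposure list, reporting both unexpected open ports and approved services that did not respond.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample scan output: one open port per line as
# "host port/proto service". Not data from any real assessment.
SCAN_RESULTS = """\
203.0.113.10 443/tcp https
203.0.113.10 22/tcp ssh
203.0.113.11 25/tcp smtp
203.0.113.11 3389/tcp ms-wbt-server
203.0.113.12 1433/tcp ms-sql-s
203.0.113.12 80/tcp http
"""

# Hypothetical exposure policy: the only (host, port) pairs that are
# supposed to answer from the Internet.
EXPECTED_EXPOSURE = {
    ("203.0.113.10", 443),
    ("203.0.113.11", 25),
    ("203.0.113.12", 80),
}


@dataclass(frozen=True)
class OpenPort:
    host: str
    port: int
    proto: str
    service: str


def parse_scan(text):
    """Parse the scan report into OpenPort records, rejecting bad addresses."""
    found = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, port_proto, service = line.split()
        port, proto = port_proto.split("/")
        ipaddress.ip_address(host)  # raises ValueError on a malformed host
        found.append(OpenPort(host, int(port), proto, service))
    return found


def unexpected_exposure(results, expected):
    """Open ports absent from the approved list: candidate firewall gaps."""
    return sorted((r for r in results if (r.host, r.port) not in expected),
                  key=lambda r: (r.host, r.port))


def missing_expected(results, expected):
    """Approved services that did not respond: a scan gap or an outage."""
    seen = {(r.host, r.port) for r in results}
    return sorted(expected - seen)
```

Feeding the same comparison the internal scan's approved-service list turns the second phase into the same kind of check against internal segmentation policy.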
Wireless
The Wireless Network Assessment, or War Drive, involves physically scanning the perimeter of the customer's facility using a wireless scanner. The wireless scanner probes the general vicinity for any wireless access point (WAP) signals emitted in the area. Each responding signal is documented, including its apparent ownership and whether it is secured with encryption, and is then monitored to confirm that ownership. A limited exploit is used to determine whether the wireless signal in question belongs to the customer and how vulnerable it is.
Services performed during the wireless assessment include:
- Identification of Wireless Access Point and if secure or unsecured
- Mapping of the geographic location of the found signal
- Validation of the signal belonging to the customer
- Level of network access gained when access point is compromised
Analog
The Analog Network Assessment, or War-Dial, consists of dialing a range of phone numbers that belong to the customer. Each phone number is dialed and then monitored for a response. Responding phone numbers that are connected to computer modems or network equipment are documented along with their response; a limited exploit is used to determine whether the phone numbers in question belong to the customer and what vulnerability they pose. Suggestions to mitigate this risk are also included.
Typical devices found during the analog assessment include:
- Modems connected to computers with little to no authentication
- Industrial Equipment with dial-in access for remote maintenance and problem diagnosis
- Medical Equipment with dial-in access for remote maintenance and problem diagnosis
- Building Systems for remote maintenance of Alarm, HVAC, Elevator and other building infrastructure
- Office equipment connected to the network, such as multifunctional copiers, digital fax equipment
- Building Phone Systems