Vulnerability Assessment
External Vulnerability Assessment
External Network Vulnerability Assessment will enumerate systems and detect vulnerabilities from a public scope. This is the most significant attack surface. A misconfiguration in the perimeter will almost certainly be exploited, as it is exploitable from virtually anyone with internet access.
In scope
- Public IP addresses (Office or Cloud) scanned for vulnerabilities and checked for inclusion in enumerated IP/service databases.
- Domain names scanned for security misconfigurations including DNS and email security details (anti-spoofing technologies enrollment)
- Assess on inclusion of corporate credentials in data breaches.
- Outward facing services enumeration and assessment.
- Email Security technologies enrollment and messaging security evaluation
- High-level recommendations on mitigating found risks
Internal Vulnerability Assessment
Internal Vulnerability Assessment will enumerate systems and detect vulnerabilities from a scope within the network. In addition to insider threats, this is the scope that a threat from a compromised system (like an infected computer) would be able to operate.
In scope
- Internal Network Architecture & Segregation overall assessment
- Internal Servers vulnerability assessment
- Workstations vulnerability assessment
- Network devices vulnerability assessment
- Wireless Networks vulnerability assessment.
- High-level recommendations on mitigating found risks