Is your network secure?
Are your web applications secure?
Do you know if your environment has any vulnerabilities that an intruder can take advantage of?
Can a hacker access data intended only for authorized users?
Are your user accounts set up with appropriate restrictions to protect your data?
Can any user obtain information about other users’ accounts?

If you’ve answered “yes” or “I don’t know” to any of these questions, let’s talk. SystemExperts offers services designed to meet your specific security requirements.

Some of the testing scenarios we frequently perform include:

Internet Exposure Profile
(Also known as Tiger Team Attack or White Hat Penetration Testing)

As a skillful outsider on the Internet, we focus on vulnerabilities related to TCP/IP protocols and services. We specifically look for problems in your DMZ or firewall setup, the configuration of your systems, and unauthorized access to resources in your environment. In this test scenario, we will attempt to gain administrative privileges on systems and see if we can reach data.

Web Application Testing
We can perform both Application Vulnerability Testing (AVT) and Web Application Vulnerability Testing(Web AVT) depending on your needs. Our Web Application testing assesses the platform associated with the customer’s application as a skillful attacker and documents the findings and provides recommendations. During the analysis, the consultants look to exploit deficiencies in the application or web pages themselves, to escalate privileges, access other network systems or services, or identify instances where customer-private data may be exposed.
System Hardening Assessment
Many organizations deploy standard builds to support key Internet accessible services or environments. These builds typically consist of class of computers, an operating system configured in a particular way, and a set of layered software products. Fully understanding the security profile of your standard platforms is critical in understanding the security profile of your enterprise.

In other cases, organizations deploy mission critical applications on a hardware and software platform outside the firm’s technical expertise. Assessing the security hardening of these critical systems makes sense.x.

IP Services Inventory
Large organizations often lose track of the IP-based services they are exporting to the Internet. Periodic remote scanning of their external address space enables them to better manage their exposure by eliminating unnecessary security vulnerabilities.

SystemExperts will remotely scan your external IP address space for IP-based services accessible from the Internet. For each IP address scanned, SystemExperts will look for service availability on well-known TCP and UDP ports and we will categorize whether service availability is either open (reachable) or closed (not reachable). The deliverable is a spreadsheet containing the IP Services Inventory.

Some of our clients stop at this point and remove any unexpected/unnecessary services that we found. Others prefer more closure. After remedying the problems, they provide us with a Re-scan List. SystemExperts then remotely re-scans the IP addresses in the Re-scan List and updates the IP Services Inventory spreadsheet to reflect any changes.

Firewall Review
Firewall rules tend to grow by accretion; changes to the rules are made to support the evolving needs of the business and they tend to accumulate over time. Too often, the rule set grows too large to be readily understood. Too often, later rules contradict earlier rules. Too often, a particular business need that required a specific opening in the firewall, no longer exists but the opening remains as a historical artifact. SystemExperts will work with you to document how the firewall should function and review the configuration to determine if the configuration is consistent with the expected behavior.

 

seInternetExp

 
Note: SystemExperts offers a portfolio of penetration testing and vulnerability assessment services – both at the network and application level. Terminology varies, sometimes these services are referred to as Pen Tests, Network Pen Tests, Application Vulnerability Testing, or Web Application Vulnerability Testing.

About SystemExperts

Founded in 1994, SystemExperts is the premier provider of professional IT compliance and security consulting services.Our team excels at designing solutions to meet organizations’ comprehensive security needs. We’ve helped hundreds of companies deal with imminent threats as well as proactively planning for long-term security.