Security Audit and Testing

Security Audit

Mapping of accessible hosts by IP address and port

Information about each host including OS, versions of network software, etc.

List of all services and list of services that might be vulnerable

Information about network based on various public databases including Whois, ARIN, RADB, SWIP, etc.

Detailed website analysis using various HTTP search programs/scanners

Deeper testing can be done if requested, including software stack overflow testing, boundary tests using various tools, Java testing tools, etc.

Assessments and compliance for Sarbanes-Oxley and HIPAA.

Typical External Network Security Audit Report

Typical Security scans performed by SCN Research

Software used:

  • Aircrack
  • AirSnarf
  • Airsnort
  • AMAP
  • cgi-scan
  • Cisco torch
  • CryptCat
  • CyberCop
  • Ethereal
  • Ettercap
  • Dsniff
  • Fakeap
  • Fragrouter
  • Hostapd-utils
  • Kismet
  • Metasploit
  • NASL
  • Nessus
  • nmap
  • NTP fingerprinting tool
  • Packit
  • Proxychains
  • Sara
  • Sendip
  • SNMP fuzzer
  • snmp-walk
  • Snoop
  • Snort
  • SSLdump
  • TCPDump
  • TCPick
  • Tcpsplit
  • telnet/ping/ftp
  • TFTP bruteforce tool
  • Unicornscan
  • VNC
  • Whisker
  • WPA-Supplicant
  • Yersinia
  • other utilities as required

A report is presented in a binder by network/city/location.

Each program or report is divided into individual sections. A typical network report will contain:

Host list and whois report

CyberCop Scanner report

Sara Report (if applicable)

Nessus Scan (if applicable)

Sara raw data (if applicable)

Router access display (telnet to router)

One or more NMAP reports

CGI report if web servers present

The report is also available on CD-ROM