Technical Vulnerability Assessment

Solutions from ecfirst


Vulnerability Assessment

A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs. Also sometimes described as a Penetration Test, or PENTest, an ecfirst Technical Vulnerability Assessment is broken up into several distinct phases of analysis listed below. Some components are optional based upon the specific organization: 
  • External Assessment
  • Internal Assessment
  • Firewall Assessment
  • Wireless Assessment
  • Social Engineering

Regulations such as the HIPAA Security Rule and HITECH require organizations (covered entities and business associates) to conduct a thorough and comprehensive risk analysis activity on a regular schedule. This is a federal mandate.

When is the last time your organization conducted a risk analysis activity that included a technical vulnerability assessment?

External Network Penetration Assessment

ecfirst will identify and deeply analyze vulnerabilities within an organization’s Internet-facing infrastructure and attached systems. ecfirst follows a pragmatic approach when conducting a vulnerability assessment or penetration test. This results in a perfected, repeatable process that maximizes information transfer to the client and ensures that all vulnerabilities have been identified. 

The external methodology is composed of four components:

1. Reconnaissance

2. Footprinting

3. Scanning

4. Penetration 

ecfirst will follow our proven methodology to evaluate the security posture of all network segment(s) by passively and actively testing all the connection points of the hosts on that network segment and identifying potential vulnerabilities on these targets.  After all networks and hosts have been assessed for external connectivity and open services, an attempt will be made to determine if any weak configuration settings or parameters are in use for any external system. All security vulnerabilities discovered will be fully documented in the BizShield™ report. 

Optional Extensive Penetration Test 

Many of ecfirst’s clients request us to conduct an exhaustive Penetration Test against identified critical servers to discover all current and potential vulnerabilities and demonstrate the ease or difficulty of compromising security on these important resources. For these engagements, a Certified Ethical Hacker (CEH) / Certified Information Security Auditor (CISA) conducts a comprehensive penetration test against chosen critical servers. Probes and attacks include both stealthy activities and overt attacks in an effort to determine the full security capabilities of the server(s). ecfirst will attempt to deliver a payload, create unauthorized credentials, or potentially drop the server to a command prompt during this test.

Internal Network Penetration Assessment

ecfirst’s internal network vulnerability assessment will verify that the security controls implemented on an organization’s hosts provide an adequate level of protection against network attacks. The ecfirst security team will scan and validate the security of the network and perform penetration testing against selected hosts. This test will give the organization a thorough understanding of how vulnerable its internal infrastructure is to such threats as disgruntled employees, malicious hackers who gain access to the building, and former employees with “lingering” access, as well as the level of risk should someone compromise an alternative entry point. ecfirst can include many valuable components such as: 

  • Open File Shares scan and report
  • SNMP scan
  • Promiscuous NICs scan and report
  • Database Security Analysis including MS SQL or Oracle
  • Active Directory assessment 

The methodology used for the Internal Network Penetration Assessment is similar to that of the external test. The major differentiating factors involve the way our tools and methodologies are used when directly connected to the organization’s network, time windows utilized, and the components listed above.

Firewall Assessment

ecfirst will review the organization’s Internet-facing firewall to identify the current security posture in three critical areas: 

  • Rulebase configuration
  • Current IOS (or other operating system) and patch revision release level
  • Vulnerability assessment of configuration file

Rulebase configuration is critical to the integrity and operating security of a firewall. The rulebase should be tied to business requirements. Every rule that is configured on a firewall is essentially a permissible security hole into the company’s network infrastructure. Each of these rules should have a well-defined business need for existing. However, many corporations open rules for testing and never close them when the test has completed. Additionally, many rules are opened up because of then-current business needs, but never closed or repaired once that need, or the corresponding business contract, has ended. This results in legacy access and a vulnerability providing a pathway into the internal network.

Firewall Operating Systems, IOS or otherwise, and current patch revision levels are another major source of vulnerabilities on the firewall. Vendors typically post vulnerabilities, explanations, and patches for known vulnerabilities on their public websites, or through standard vulnerability notification services such as CERT. However, many businesses and their IT Departments do not have the time or personnel to research existing code revision levels and their vulnerabilities.

Wireless Assessment

Wireless networks are particularly vulnerable to attacks because it is extremely difficult to prevent physical access to them. Wireless networks are subject to both passive and active attacks. A passive attack is one in which an attacker just captures signals flowing from authorized devices, such as a corporate laptop to an authorized Access Point (AP). An active attack is one in which an attacker sends signals to the authorized AP in order to solicit specific responses and intrude upon the corporate network, typically in a very short timeframe.

During the wireless assessment, ecfirst will address all of the following areas and many more:

  • Discover the Wireless Access Points and Work Stations.
  • Investigate rogue devices installed without IT department consent.
  • Assess WiFi RF coverage trying to sniff from adjacent buildings and public locations.
  • Determine the existing WiFi Security Infrastructure.
  • Attempt to compromise the wireless security.
  • Determine encryption type and compromise the security.

Social Engineering Assessment

Companies with excellent security programs often spend large amounts of money on capital purchases to implement technical security controls. However, employees or contractors of the entity often prove to be the weak link in the security chain. Employee and contractor education is a key component to any information security program. Authorized members of the workforce have both authenticated access to information systems as well as physical access to facilities and secured areas. Responsible enterprises assess Human Resources security gaps as well as technical vulnerabilities.

During the social engineering assessment, ecfirst will attempt to gain unauthorized or inappropriate access to facilities, secured areas, documents, credentials, or confidential data. ecfirst security personnel will attempt to bypass security controls that are in-place in order to gain access to various assets. ecfirst will attempt to bypass electronic, personnel, and procedural controls during this assessment.  

ecfirst will document and present a very detailed record of successes, failures, controls bypassed, access achieved and information obtained during the assessment. ecfirst will also deliver recommendations for personnel security enhancement needs and security controls requiring improvement or replacement as a part of the final report. 

ecfirst Differentiators

ecfirst combines state of the art tools, the highest credentialed staff, and reporting that maximizes value, efficiency, and information for our clients to deliver the industry’s best Vulnerability Assessments. 

ecfirst utilizes tools that are constantly updated to ensure that clients are aware of all of the vulnerabilities on their networks and systems. These include technical vulnerabilities all the way up to “zero day attacks”, DNS vulnerabilities, Active Directory and database vulnerabilities, as well as information available in the public domain about our clients.

ecfirst deploys only highly credentialed and very experienced experts to client sites to perform vulnerability assessments. ecfirst engineers possess certifications such as CISSP, CISA, and CEH and have performed numerous assessments at clients spanning multiple industries. Our engineers understand the sensitivity and criticality of your systems.

Our clients benefit from the most useful reports in the industry. ecfirst provides our clients with descriptive reports that contain real world recommendations. Sections are included for both executive level audiences and the most technical engineer. Executive summaries draw out the most critical and pressing issues for quick comprehension and dissemination. 

Contact Us

Please contact John Schelewitz at John.Schelewitz@ecfirst.com or at +1.480.663.3225 to learn more about the ecfirst BizShield™ Technical Vulnerability Assessment solutions to address critical compliance mandates. We would like to understand the regulations that impact your organization as well as your security challenges to determine how ecfirst can augment your efforts to achieve compliance with federal and state mandates.

Talk to us – you will find us to be a partner you can trust.

About ecfirst

ecfirst delivers world-class information security and regulatory compliance solutions. With 1,400+ clients, ecfirst was recognized as an Inc. 500 business – America’s Top 500 Fastest Growing Privately Held Business in 2004 – our first year of eligibility. ecfirst assists organizations with their compliance initiatives for a secure information infrastructure that is compliant with regulations such as HITECH, HIPAA, ISO 27000, or federal and state legislation (such as California or Massachusetts).

ecfirst serves a Who's Who client list that includes technology firms, numerous hospitals, state and county governments, and hundreds of businesses across the United States and abroad. A partial list of clients includes Microsoft, Symantec, HP, McKesson, EMC, IBM, Principal Financial, U.S. Army, U.S. Dept. of Homeland Security, U.S. Dept. of Veterans Affairs and many others. ecfirst is exclusively endorsed by the American Hospital Association (AHA) for its HIPAA compliance training solutions. 

Talk to ecfirst and you will find an organization that is passionate about the services we deliver and exceptionally devoted to its clients.  

We deliver value with intensity and are paranoid about performance for your organization.

For more information, please visit http://www.ecfirst.com/.