Technical Vulnerability Assessment

Solutions from ecfirst



The Office of Civil Rights (OCR) wants to ensure that organizations have identified all of the risks and vulnerabilities to the EPHI that they collect, store, process, or transmit. The ecfirst bizSHIELD™ risk analysis program includes a technical vulnerability assessment to address HIPAA and HITECH mandates with the objective of establishing and prioritizing compliance and security gaps. The ecfirst bizSHIELD™ Technical Vulnerability Assessment Service supports several distinct components, including:

  • External Assessment
  • Internal Assessment
  • Firewall Assessment
  • Wireless Assessment
  • Social Engineering Assessment
  • Penetration Testing (Express)
When was the last time your organization conducted a risk analysis activity that included a technical vulnerability assessment?

External Vulnerability Assessment

ecfirst will identify vulnerabilities within the client's Internet-facing infrastructure and attached network systems. ecfirst follows a pragmatic approach when conducting a vulnerability assessment or penetration test. This results in a perfected, repeatable process that maximizes information transfer to the client and ensures that all vulnerabilities have been identified.

It is recommended that the testing include the following types of systems:

  • E-commerce servers
  • Internet- or DMZ-located database servers
  • Internet screening routers
  • Internet-facing firewalls
  • E-mail server
  • DNS servers
  • Servers storing or processing EPHI
  • Web Applications
  • Other sensitive systems

Internal Vulnerability Assessment

ecfirst will perform an internal network vulnerability assessment on the client's internal network infrastructure. This testing will verify that the security controls implemented on a sample set of five (5) selected hosts, including servers located in the IT Data Center or desktop PC images, provide an adequate level of protection against network attacks. ecfirst can include many valuable components such as:

  • Active Directory
  • Endpoint data loss
  • SNMP Settings
  • SQL servers
  • Networked systems

Firewall Assessment

ecfirst will review the organization’s Internet-facing firewall to identify the current security posture in three critical areas: 

  • Rulebase configuration
  • Current IOS (or other operating system) and patch revision release level
  • Vulnerability assessment of configuration file

Rulebase configuration is critical to the integrity and operating security of a firewall. The rulebase should be tied to business requirements. Every rule that is configured on a firewall is essentially a permissible security hole into the company’s network infrastructure. Each of these rules should have a well-defined business need for existing. However, many corporations open rules for testing and never close them when the test has completed. Additionally, many rules are opened because of then-current business needs, but never closed or repaired once that need, or the corresponding business contract, has ended. This results in legacy access and a vulnerability providing a pathway into the internal network.

Wireless Assessment

Wireless networks are particularly vulnerable to attacks because it is extremely difficult to prevent physical access to them. The only advantage they have in this respect is that an attacker must be in relative physical proximity to the network, which can limit the pool of potential attackers. However, with high-gain antennas now extremely inexpensive, attackers can affordably strike from much greater distances. To secure a wireless network, an administrator should know what types of vulnerabilities exist and what types of attacks can exploit them.

The WiFi Vulnerability Assessment will be done as part of the internal security assessment. War Walking is the approach/methodology used for the assessment and the scope is defined as:

  • ecfirst will perform a wireless assessment at one location
  • Discover the Wireless Access Points visible within the location
  • Identify potentially rogue devices: rogue access points installed by employees without IT department consent.
  • Determine the existing WiFi security infrastructure, such as SSID protection, MAC filtering, VPN and encryption mechanism used (if any), and possibly supplicant certificates.
  • Attempt to compromise wireless security after sniffing sufficient packets or performing man-in-the-middle attacks.

Social Engineering Assessment

Organizations with excellent security programs often spend large amounts of money on capital purchases to implement technical security controls. However, employees or contractors of the entity often prove to be the weak link in the security chain. Employee and contractor education is a key component to any information security program. Authorized members of the workforce have both authenticated access to information systems as well as physical access to facilities and secured areas.

During the social engineering assessment, ecfirst will attempt to gain unauthorized or inappropriate access to facilities, secured areas, documents, credentials, or confidential data. ecfirst security personnel will attempt to bypass security controls that are in place in order to gain access to various assets. ecfirst will attempt to bypass electronic, personnel, and procedural controls during this assessment. ecfirst will document and present a very detailed record of successes, failures, controls bypassed, access achieved and information obtained during the assessment.

Penetration Testing (Express)

The ecfirst Express Penetration Test is less comprehensive than the full Penetration Test in scope as it only addresses external and internal technical vulnerabilities & threats; physical and personnel vulnerabilities and threats are not evaluated. A detailed technical Corrective Action Plan (CAP) is included in the bizSHIELD™ report to provide actionable directives for addressing the identified deficiencies.

The ecfirst Express Penetration Test will be broken up into distinct phases of analysis:

  • External Penetration
    • Reconnaissance phase (including the Google Hacking Database), Web Applications and Networked Systems phases are all performed in 1 day
  • The Internal Penetration (including the Wireless Penetration) is generally performed in 1 day during the onsite visit.

ecfirst Differentiators

ecfirst combines state-of-the-art tools, the highest credentialed staff, and reporting that maximizes value, efficiency, and information for our clients to deliver the industry’s best Vulnerability Assessments.

ecfirst utilizes tools that are constantly updated to ensure that clients are aware of all of the vulnerabilities on their networks and systems. These include technical vulnerabilities all the way up to “zero day attacks”, DNS vulnerabilities, Active Directory and database vulnerabilities, as well as information available in the public domain about our clients.

ecfirst deploys only highly credentialed and very experienced experts to client sites to perform vulnerability assessments. ecfirst engineers possess certifications such as CISSP, CISA, and CEH and have performed numerous assessments at clients spanning multiple industries. Our engineers understand the sensitivity and criticality of your systems.

Our clients benefit from the most useful reports in the industry. ecfirst provides our clients with descriptive reports that contain real world recommendations. Sections are included for both executive level audiences and the most technical engineer. Executive summaries draw out the most critical and pressing issues for quick comprehension and dissemination. 

Contact Us

Please contact Lorna L. Waggoner at Lorna.Waggoner@ecfirst.com or at +1.877.899.9974 ext 17 to learn more about the ecfirst bizSHIELD™ Technical Vulnerability Assessment solutions to address critical compliance mandates. We would like to understand the regulations that impact your organization as well as your security challenges to determine how ecfirst can augment your efforts to achieve compliance with federal and state mandates.

Talk to us – you will find us to be a partner you can trust.

About ecfirst

ecfirst delivers world-class information security and regulatory compliance solutions. With 2,000+ clients, ecfirst was recognized as an Inc. 500 business – America’s Top 500 Fastest Growing Privately Held Business in 2004 – our first year of eligibility. ecfirst assists organizations with their compliance initiatives for a secure information infrastructure that is compliant with regulations such as HITECH, HIPAA, MARS-E, ISO 27000, or federal and state legislation (such as California or Massachusetts).

ecfirst serves a Who's Who client list that includes technology firms, numerous hospitals, state and county governments, and hundreds of businesses across the United States and abroad. A partial list of clients includes Microsoft, Symantec, HP, McKesson, EMC, IBM, Principal Financial, U.S. Army, U.S. Dept. of Homeland Security, U.S. Dept. of Veterans Affairs and many others.

Talk to ecfirst and you will find an organization that is passionate about the services we deliver and exceptionally devoted to its clients.  

We deliver value with intensity and are paranoid about performance for your organization.

For more information, please visit http://www.ecfirst.com.