External Network Security Assessment
Sacure’s External Network Security Assessment (SENSA) gives you a “Hacker’s Eye View” of your Internet connected systems, as well as a complete understanding of how these systems are seen by malicious outsiders.
This allows vulnerabilities to be corrected before hackers break in. It’s the clear choice when you’re serious about achieving tangible protection.
The SENSA is not a “Zero Knowledge” test that could miss systems due to incomplete discovery, but covers all devices because network addresses are provided. Unlike a penetration test, SENSA identifies all potential vulnerabilities, and those vulnerabilities are not exploited, lowering the risk to your business.
The SENSA is a comprehensive review of your external network security. As such, it includes more than simple “scanning” or technical testing. SENSA features the following components:
- Testing for vulnerabilities on Internet connected systems through the transport layer (OSI layer 4), plus operating system and service vulnerabilities.
- Manual review and validation of all vulnerabilities identified through automated mechanisms.
- A practical, risk-based evaluation of all identified vulnerabilities.
- A review of information publicly available on the Internet about your technology, Internet connectivity, or other security related information.
- A review of domain registration information.
- Testing of all authoritative name servers for your domain.
The deliverables for the assessment will be contained in a single Report of Findings and include:
- A brief Executive Summary explaining our findings in non-technical terms, including a qualitative risk statement.
- Detailed technical findings and practical recommendations for the remediation of identified vulnerabilities.
- Submission of all Reports of Findings within 14 calendar days of the commencement of testing.
- Up to a one-hour WebEx presentation of findings with Q&A (executive briefing plus technical review).
- A quote for a telephone communications security assessment (a.k.a. “wardial”).
- A quote for a supplementary Web Application Security Assessment for web applications hosted on tested devices.
- A review of additional domains resolving to hosts within the specified range.
Requirements
- Testing will be performed during mutually agreed periods. Testing windows will be established via email prior to the execution of the testing. Minimally, testing will require two five-hour windows on consecutive days.
- You must attest that all IP addresses, network devices and hosts belong to you, and that you have the authority to test all devices.
- Network testing of this type is inherently risky. While Sacure will take all appropriate precautions to prevent any problems, you must agree to indemnify and hold us harmless for all damages whether they be direct, indirect, or consequential, arising as a result of this testing.
- Sacure will provide the targets of the assessment as individual IP addresses or an IP address range in CIDR format.
- All IP addresses tested in an individual assessment shall be in a single domain. Additional domains may be added at an additional cost.
Assumptions
Pricing is based upon the following assumptions:
- The SENSA is a technical test only, and does not include an architecture review.
- The SENSA is a broad-based vulnerability assessment and does not include “penetration testing” or an active exploitation of identified vulnerabilities.
- The assessment will be performed using Sacure’s standard methodology, with its tools and from its location.
- All findings will be furnished in PDF format.
- All communication of sensitive data shall be via PGP signed and encrypted email.
- All work papers and raw tool output will be provided upon request. The data will be provided in a GZip “tar” file format.
Payment is due upon receipt of the invoice.
Pricing is based upon the number of “active” IP addresses identified to Sacure or discovered during the assessment. An active IP address is an address from which a response packet is elicited upon any TCP or UDP port or by ICMP. Active IP addresses may be individual hosts, multi-homed hosts, virtual addresses or NAT addresses. Each IP address that a host responds with will be counted as an active IP address for the purposes of this pricing.
Sacure advises its clients to scan all addresses within their range even if no devices are thought to be assigned to these addresses. Rogue, unknown and incorrectly configured devices are often identified that present considerable risk to the client.