Tel: 01223 810910 (Main)
Tel: 01223 810911 (Technical)


Vulnerability Assessment
Internal and External Facing Systems

Over 60% of UK businesses have suffered at least one security breach in the past year, and the average cost of a single breach has been estimated at £12,000. Foursys will test the security of both your Internet-facing external systems and your internal systems, and provide a detailed security report with recommendations to correct potential risks.

What is a Vulnerability Assessment?

A Vulnerability Assessment is a security check of your internal and external (Internet) facing computer systems. Typically you may have firewalls, web servers and email servers that sit on the outside of the network. A typical penetration test is designed to assess these systems, to ensure they are set up and operating correctly. A vulnerability assessment takes this one step further by identifying any security weaknesses, missing service packs, etc., on internal as well as external systems.

These checks are typically performed across your entire network, identifying any servers, workstations or other network devices that may have security-related weaknesses. The assessment also reviews internal procedures and information security measures to ensure best practice.

Why should I have a test performed?

Like all computer systems, these servers are only as effective as the configuration they have had applied. With complex policies and rule-sets it is often possible to have conflicting configurations, which may not be obvious. It is also possible to have inherent vulnerabilities (we are all aware of how many patches are released by Microsoft for example). If there is a vulnerability, mistake, or conflict within the configuration, then it can lead to a real security risk for your entire organisation’s network.

Many hackers use automated processes, such as port scanning, to find vulnerable systems at the network perimeter. Once such systems are identified, these hackers can potentially gain access to the network infrastructure and the data stored within. This in turn can lead to:

  • Data loss or unauthorised manipulation of data.
  • Breach of regulatory requirements, e.g. data confidentiality.
  • Damage to the organisation's brand name and reputation.
  • Prosecution in the worst case, according to the nature and severity of the data lost.

Security breaches or data hacks need not be external to your network. In fact, security experts agree that most security-related incidents now originate internally, and many are entirely accidental. A vulnerability assessment will help to highlight systems that are potentially weak and exposed.

Summary

The Foursys Vulnerability Assessment can do the following:

  • Provide reassurance of correct security measures and settings.
  • Help identify and prevent any possible data loss from hackers, disgruntled employees, accidental data leakage, etc.
  • Ensure compliance with regulatory standards, e.g. the Data Protection Act.
  • Preserve your brand name by protecting customer confidential data.
  • Protect against data loss leading to potential legal action.
  • Prove that Best Practice has been demonstrated by the IT department.

What can Foursys provide?

Foursys can provide a full security assessment of your internal and external systems from a ‘hacker’s view’. This will typically take 2-6 days of onsite time, depending on the size and setup of the network.

  • This assessment is performed both locally and remotely on your entire network (subject to survey/agreements).
  • The security check will be carried out by professionals who have many years' experience in the security field and will use multiple tools and security techniques.
  • We will review access points on to your network.
  • Perform a review of Gateways and their configuration (Firewall, Email, Web, VPN, etc)
  • We will review your security policies and procedures.
  • Perform a review of your physical access controls.
  • We will provide a full security report on the network and include any corrective recommendations. Please note that the report is generated specifically for your organisation and may take several days to prepare.

How much will it cost?

In almost all cases the Vulnerability Assessment can be provided on a fixed cost basis. Contact Foursys for a detailed quotation.

What will the Vulnerability Assessment include?

  • Physical Security
    • Core Servers in protected room with access control.
    • In-room protection (e.g. gas etc.)
    • Building Security
    • Laptop/Portable physical security.
  • Infrastructure map and Assessment.
    • Network Infrastructure, domain overview (where applicable), general information on how the network is configured and utilized.
    • Gateways
    • VPNs.
    • Firewalls
    • Routers (inc Wireless)
    • Key Servers
    • Key Software Applications.
    • Databases.
  • Organisational security responsibility map.
  • Security Procedures.
    • Patch Management
    • Event log analysis.
    • AV/gateway checks
    • Database Logging.
    • Remote Users/Procedures.
  • Detailed Per Node Assessment
    • Operating System Breakdown.
    • Top 10 Vulnerable Hosts
    • Vulnerable Count by Operating System
    • Service/registry listings.
    • Missing Patches
    • Open Ports.
  • Selected (Random Selection) Node Assessment.
    • Anti Virus/Malware/Spyware test.
    • User control/access to desktop machines.
  • Remote Dial in Access Findings
  • In-depth security assessment of servers and identified vulnerabilities.
  • Passwords
    • Policy Structure.
    • Administration.
  • Web/Protocol usage/leakage security report and findings.
  • Review of your current computer security, internet, email, compliance policies.
  • Recommendations comparing Industry Best Practice and Foursys Recommendations.
    • Physical Security
    • Infrastructure.
    • Organisational security responsibility map
    • Security Procedures.
    • Node Assessment recommendation summary.
    • Remote Dial in
    • Server Review
    • Password Review
    • Web/Protocol Usage.
    • Computer Security and compliance policies.
  • Report Summary 

Summary

The Vulnerability Assessment is designed to give you peace of mind about the security of your network.

The Vulnerability Assessment provides evidence of Best Practice as regards overall security policy.

Foursys recommends that all organisations with any form of sensitive data undergo a regular Vulnerability Assessment, as new vulnerabilities and new methods used by hackers are constantly emerging and evolving. Foursys is able to provide this regular service to our customers and periodically assess your external and internal systems.


Foursys Ltd, 2 Stow Court, Stow Road, Quy, Cambs, CB25 9AS
Phone: 01223 810910 (Main) | 01223 810911 (Technical) | Fax: 01223 810912 | Email: webenquiries@foursys.co.uk

Specialist in network threat protection based in Cambridge. Providing AntiVirus, AntiSpam, URL Filtering, Mail and Web content security. Integrating Sophos, Websense, SurfControl, Celestix, MIMEsweeper, Webspy, and Microsoft ISA solutions.