Information is your organization's greatest asset, and protecting it is your greatest challenge. The first line of defense is knowledge: Are your networks vulnerable? Prudential Associates information security specialists can tell you.
Recurring Security Analysis
New network vulnerabilities and computer viruses are created every day.The Recurring Security Analysis package is similar to the Basic Security Package, however, it continuously monitors your systems for new vulnerabilities and will notify you should any changes need to be made to further secure your network.
Additional Services
In addition to our standard packages, Prudential Associates also offers customized security solutions. Additional services include:
- Vulnerability assessment
- Network and systems hardening
- Policy planning, development, and enforcement
- Corrective action plans
- Employee training
- Data protection
- Disaster recovery plans
- And more
Basic Network Security Assessment Package
The Basic Security Package includes the most essential vulnerability scans, security analysis, and technical reports. Prudential Associates uses a wide range of tools and tests developed over the years through penetration testing experience with high-profile clients. Although this package does not include penetration testing, the information from the Basic Security Package will give a realistic external perspective on your network's security. This high-impact vulnerability assessment package includes comprehensive testing for over 12000 network vulnerabilities.
Technical aspects of the Basic Package:
- Detailed network mapping and systems identification
- Information-gathering attacks probing ICMP, UDP, and TCP services
- Thorough multiprotocol TCP/IP stack interrogation of each IP address
- Identify and address vulnerabilities
- In-Depth web security inspection/certify network
Advanced Network Security Assessment Package
The Advanced Security Package includes the vulnerability tests, analysis, and reporting that are offered through the Basic Security Package with an additional penetration testing component. The penetration testing component is an elite, high-level service that requires the time and effort of experienced network security penetration testing experts to break a system's security and submit methodology documentation.
Technical aspects of the Advanced Package include all tests from the Basic Package, plus:
- Current remote exploits from the hacking underground that are too new to be included in the automated scanning tools
- Custom "bruteforce" dictionary created from website, zone information, hostnames, usernames, and optionally public forums
- Authentication system subversion auditing using high-risk dictionaries and optionally the custom bruteforce dictionary listed above. Services tested may include netbios, telnet, ftp, rsh, rexec, rlogin, pop3, http, imap, ssh and optionally ldap, sql, oracle, and other databases
- Manual web security inspection - testing of custom CGI scripts that are in use
- Firewall subversion techniques including source porting, source routing, spoofing, DNS alteration, ftp bouncing, fragmentation, and other network voodoo (extreme techniques)
Deliverables for all security packages include a detailed report of all vulnerabilities, including vulnerability repair instructions, a prioritized list of action Items, and a detailed network map.
