base2co at gmail dot com

Remote or On site? In-depth or Quick Vulnerability Check

We can provide a remote outside-in view of your network and its associated vulnerability snapshot. Or our technical staff can come on site and look from the inside more in-depth to provide a better overview. The choice is yours. Both will include a full report detailing the finding, methodology, and recommended course of action. Some of the services available are:

Through use of automated and manual techniques our technical staff will attempt to locate and potentially leverage vulnerabilities to expose information in your systems. We will also provide you with workarounds and solutions to the issues we have discovered on your systems.

We will either use an existing network diagram, where an up-to-date diagram exists, or gather the information ourselves through use of various networking tools . This network diagram will then be used to plan the review exercise.

The design of a network has a strong bearing on the relative security of the overall infrastructure. Base2co will evaluate the design of the network and produce a report detailing findings and recommendations for any remedial action.

The structure of the network is not the only network element vital for the overall security of the infrastructure. It is also necessary to examine the way in which network traffic is passed over the network and the way in which network elements are controlled. Investigations within this component of the review concentrate on IP routing protocols, access to key routers/firewalls, and the review and investigation of any SNMP (Simple Network Management Protocol) enabled devices. This will include attempts to brute force SNMP community names for example.

We will review all identified critical hosts within the clients network. These critical hosts will normally include:

•Â All publicly accessible servers

•Â All servers on which confidential data is held

•Â All servers that provide functionality to the rest of the network

•Â The Host Security Review aims to discover any vulnerabilities in the identified servers that could lead an attacker to compromise the system. We investigate both the underlying operating system and the application running on the server.