Infrastructure Security Assessment

SecurBay / Infrastructure Security Assessment

IS-1 Internal Vulnerability Assessment

Ref. Code:	IS-1
Objective	To identify servers and devices on your network that is open to known vulnerabilities, without actually compromising on your systems.
What we do	Pre-Assessment Analysis Information Gathering Port Scanning Enumeration Vulnerability Identification Manual Testing and Deletion of false positive Exploiting the vulnerabilities & collecting evidences Mitigation Strategies Report Generation
Requirements	Sign the Non-Disclosure Agreement (NDA) Provide a list of servers and devices for conducting Vulnerability Assessment
What you get	Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators) reports that include findings and recommendations Follow-up activities to assist in implementing the recommendations and mitigating the risks outlined
Suggested frequency	Quarterly

IS-2: External Penetration Testing

Ref. Code:	IS-2
Objective	To determine your organization’s weaknesses as an attacker would find it.
What we do	Pre-Assessment Analysis Information Gathering Port Scanning Enumeration Vulnerability Identification Manual Testing and Deletion of false positive Exploiting the vulnerabilities & collecting evidences Mitigation Strategies Report Generation
Requirements	Sign the Non-Disclosure Agreement (NDA Sign an Indemnity Agreement Provide a list of IP addresses for conducting the External Penetration Test Backup data on the server is to be taken before conducting the Test
What you get	Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators) reports that include findings and recommendations Follow-up activities to assist in implementing the recommendations and mitigating the risks outlined
Suggested frequency	Half-Yearly

IS-3: Configuration Audit of Servers and Devices

Ref. Code:	IS-3
Objective	To identify the exposures and configuration weaknesses, that may make a host more susceptible to compromise on security and standards.
What we do	Review of the server configuration and compare it against the vendor best practices Review of the Patch Management Process and ascertain the Current Patch Status Review of the user creation process and user role authorizations Auditing and logging mechanism: Types of audit logging and Log Monitoring
Requirements	Sign the Non-Disclosure Agreement (NDA) Provide a list of IP addresses for conducting the External Penetration Test
What you get	Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators) reports that include findings and recommendations Follow-up activities to assist in implementing the recommendations and mitigating the risks outlined
Suggested frequency	Quarterly

IS-4: Database Security Audit

Ref. Code:	IS-4
Objective	To identify security issues pertaining to the database that arise due to procedural lapses, misconfiguration, missing vendor patches etc
What we will do	Information Gathering Review of Data Access that includes: Perimeter controls User identity and access management Application systems (particularly ERP systems) Privileged users (excessive access rights than needed) Protection From Software Vulnerabilities (Missing Patches) Hardening System Components (Changing default passwords, Deleting default unused accounts etc.) Reviewing Data Backup and recovery procedures Reviewing Business continuity measures Compliance Requirements for Stored Data Mitigation Strategies for the identified risks Report Generation
Requirements	Sign a Non-Disclosure Agreement (NDA) Provide the Network/segmentation diagram representing the location of the DB servers Details of external connectivity allowed to DB server (if any) Network / segmentation diagram where DB servers are located
What you get	Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators) reports that include findings and recommendations Follow-up activities to assist in implementing the recommendations and mitigating the risks
Suggested frequency	Half Yearly

Leave a reply

© 2018 SecurBay Services Pvt. Ltd.
SecurBay is a registered trademark of SecurBay Services Pvt. Ltd

Translate »