External Network Vulnerability Assessment Services

During an external network vulnerability assessment, Praetorian identifies vulnerabilities in external, Internet-facing systems. Praetorian examines any identified vulnerabilities to determine whether they can be exploited by an attacker to compromise targeted systems or used to gain access to sensitive information. An optional penetration testing phase can be included to demonstrate exploitation of the underlying vulnerabilities.

Methodology for External Vulnerability Assessments

Praetorian's vulnerability assessment methodology assesses the targeted IP address ranges using a two-phased approach. An external vulnerability assessment is composed of the following major phases: 1) Host and service discovery, and 2) Vulnerability identification and verification.

Host and service discovery compiles a complete list of all accessible systems and their respective services with the goal of obtaining as much information about your Internet-facing assets as possible. This includes initial domain footprinting, live host detection, service enumeration, and operating system and application fingerprinting.

With the information collected from the discovery phase in hand, security testing transitions to identifying vulnerabilities in externally facing systems and applications using automated scans and manual testing techniques. Praetorian begins the vulnerability identification process with commercial and open-source vulnerability scanners. Automated scans are good at identifying known and common vulnerabilities; however, they are not good at detecting complex security issues, uncovering system- and application-specific vulnerabilities, developing attack chains, or validating the findings reported. For this reason, automated scans represent only a small facet of the overall security assessment, with the majority of vulnerability testing focused on manual testing and verification. Finally, risk priorities are assigned to each vulnerability according to Praetorian's comprehensive risk rating scale.

What You Get

Upon completion of the assessment, Praetorian shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security controls. The analysis will identify areas that need to be resolved in order to achieve an adequate level of security. The detailed contents of the deliverable are described below.

The report deliverable will include the following high-level sections in a format suitable for management:

  • Purpose of the engagement, including the project's scope and approach
  • Positive security controls that were identified
  • Tactical resolutions to immediately reduce risk in the environment
  • Strategic recommendations for preventing similar issues from recurring
  • An industry comparison based on consultancy experience and results from similar previous engagements

The report deliverable will also include the following in-depth analysis and recommendations for technical staff to understand the underlying risks and recommendations:

  • A technical description and classification of each vulnerability
  • Anatomy of exploitation including steps taken and proof in the form of screenshots
  • Business or technical risk inherent in the vulnerability
  • Vulnerability classification that describes the risk level as a function of vulnerability impact and ease of exploitation
  • Technical description of how to mitigate the vulnerability

Ready to get started?

Contact us at 1 (800) 675-5152 to get started with your External Vulnerability Assessment needs, or request a callback by submitting the form below.