When assessing Host Security, we look for known vulnerabilities, missing patches and outdated services. It's surprisingly common to find that the host itself is fully updated and secured, but a web plugin has been left at an old version with a known vulnerability available to an attacker. Assessing a host or group of hosts is generally a relatively simple exercise. Remediating any issues found can either be taken on by your team, or the hosts can be secured in a cooperative effort.
In a Firewall assessment, we look at your firewall configuration. We start by looking for any known insecure services that are exposed to untrusted sources, as well as any legacy services, meaning rules that are configured on the firewall but do not have a corresponding host or service on the network. Equally important, we'll assess your firewall configuration against recommended or best-practice settings. In most cases we can use vendor-agnostic recommendations, such as those posted by the Center for Internet Security, in conjunction with years of experience and input from your business requirements and processes.
While not a full Web Application Assessment, a basic application assessment will generally be part of any perimeter assessment. A basic application assessment will look at the server configuration, exposed services, configuration of HTTPS and certificates, and in particular older installed web applets, plugins, libraries or APIs that are running an out-of-date version or are otherwise known to be vulnerable to attack or exploits.
Web applications, and in particular the APIs involved in web services, are where security testing is focused in the 2000s. While network services can be breached, those are usually temporary(ish) conditions. If an attacker can breach the web application or the underlying API, that's a reliable method that can be used for years. Let us use specialized tools and expertise to test your web services for unauthorized access!
In an engagement of this type, we simultaneously assess the target hosts from both the public internet and from the inside network, usually with credentials. While a real attacker only has access to your internet-facing perimeter, they also have infinite time to attack. An Inside / Outside assessment gets the most assessment work done for the least amount of time and budget. These
In an external Penetration Test, we use all intelligence available to break into or compromise the various perimeter services. Normally the goal is to gain an internal or privileged position on the host(s) or network, but the end goal of a penetration test will often vary from engagement to engagement. The goal is normally to use assessment and attack techniques to compromise one or more security controls. Full Penetration Tests are not normally recommended as a first step in any security program.
Most of the services described above have the potential to overlap each other. For instance, a Perimeter Assessment or Penetration Test will typically also involve any firewalls, exposed web applications or APIs. In most cases none of these are "off the menu" type projects. Generally we consider your environment and goals, and propose a tailored project that fits your business needs.