R. Kinney Williams
 & Associates

 Vulnerability Test Configuration

The objective of the vulnerability test is to evaluate externally the security of financial institution's corporate network.  Information gained from this assessment is intended to establish a baseline for security-related issues viewed over time.

During the testing process, Cutting Edge Solutions professionals scan the financial institution's network from the perspective of a knowledgeable attacker using Cisco’s Net Sonar vulnerability scanning and network mapping system (illustrated above).  The external scan focuses on security issues from the perspective of an attacker located outside of the network. The process consists of the phases described below:

·         Mapping - Networks are constantly changing to meet financial institution's requirements imposed on them by the need for increased productivity, access to information, and communications.  These dynamic and ongoing changes inadvertently increase the security risk of an organization.  The mapping phase is divided into the following two actions;

·         Host Discovery - an electronic inventory of the systems on your network.

·         Service Discovery - an electronic inventory of the services on each system.

·         Vulnerability Analysis - Vulnerability Measurement and Data Collection is the exploitation of network vulnerabilities to systematically measure the vulnerability state of the overall electronic perimeter.  We measure and record vulnerability data for each system tested without causing disruption or interference to the systems being probed.

·         Reporting identifies network-computing equipment and security vulnerabilities associated with each device and security holes before they are used against the financial institution.

·         Target Analysis determines the financial institution's visibility from the outside; correlates network maps and identifies potential vulnerabilities.  This phase provides insight into both the potential of a successful attack and the likelihood that system administrators would detect such an attack.

·         Data Analysis and Reporting provides the financial institution an assessment of the existing security architecture and actions to be taken to improve any deficiencies.  Our reports are intended to be useful to network engineers, system administrators and executive management.