Identify “Potential” Risks and Vulnerabilities in the “Internal” Network
- Perform data gathering and reconnaissance (using publicly available information and non-intrusive social engineering);
- Perform scanning and probing:
  - Perform network scans on approximately 20 external IP addresses and up to 1250 devices/hosts (i.e., 1000 workstations, 150 servers and 100 network routers) residing on the Organization’s internal network.
  - Identify vulnerabilities within:
    - Operating systems;
    - Services and applications;
    - Accounts; and,
    - Shares, volumes, and other file system mounts.
- Determine BPS’s ability to detect and respond to scan activity.
Evaluate and classify each potential risk and vulnerability into the following categories:
- False Positive – Scanning tools report a vulnerability whenever certain conditions are observed. In some situations and configurations those conditions do not actually constitute a vulnerability, and the finding is classified as a “false positive”.
- Accepted Risk – Certain vulnerabilities present low risk because the likelihood of exploitation is low and the impact, if exploited, is also low. These vulnerabilities and the related risks can be formally “accepted” by management and receive this classification.
- Mitigated Risk – Certain vulnerabilities exist, but other controls (e.g., Intrusion Prevention Systems, Application Firewalls) are in place and would minimize the risk of an attack succeeding. These vulnerabilities are classified as “mitigated”.
- Remediation Required – Vulnerabilities that are significant and/or have real impact require “remediation” and are classified as such.
Additionally, where applicable, eDelta will identify the MITRE Common Vulnerability and Exposures (CVE) information within the report for each vulnerability.
NOTE: eDelta will leverage its Security Vulnerability and Remediation toolkits (See Table 2) in order to evaluate and classify each potential risk and vulnerability into the above-mentioned categories, track issues to resolution where remediation is required, and eliminate false positives, accepted risks and mitigated risks from future scan results and reporting.
Rapid7 is eDelta’s preferred vulnerability assessment software, which provides IT organizations with a comprehensive method of assessing the security of a computer network. eDelta will use Rapid7’s network scanning and vulnerability assessment module for:
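The four-category triage described above, and the suppression of non-remediation findings from later scan reports, as an added illustration that is not part of the original proposal or of any eDelta or Rapid7 tooling. The `Finding` fields, the precedence of the rules, and the host names and CVE identifiers are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str                                 # as reported by the scanner (placeholders below)
    likelihood: str                          # assessor rating: "low" | "medium" | "high"
    impact: str                              # assessor rating: "low" | "medium" | "high"
    confirmed_false_positive: bool = False   # manual verification showed the condition does not apply
    compensating_controls: tuple = ()        # e.g. ("IPS",), ("WAF",)
    management_accepted: bool = False        # formal sign-off recorded for a low/low finding

def classify(f: Finding) -> str:
    """Apply the four categories in order of precedence (assumed ordering)."""
    if f.confirmed_false_positive:
        return "False Positive"
    if f.likelihood == "low" and f.impact == "low" and f.management_accepted:
        return "Accepted Risk"               # low/low without sign-off falls through, on purpose
    if f.compensating_controls:
        return "Mitigated Risk"
    return "Remediation Required"

def triage(findings):
    """Return report rows plus the (host, cve) keys to exclude from future scan reports."""
    rows, suppress = [], set()
    for f in findings:
        cat = classify(f)
        rows.append((f.host, f.cve, cat))
        if cat != "Remediation Required":     # only open remediation items keep reappearing
            suppress.add((f.host, f.cve))
    return rows, suppress

def filter_next_scan(findings, suppress):
    """Drop findings already triaged away; remediation items and new findings remain."""
    return [f for f in findings if (f.host, f.cve) not in suppress]

# Constructed sample: one finding per category from a first scan.
FIRST_SCAN = [
    Finding("ws-001", "CVE-0000-0001", "high", "high", confirmed_false_positive=True),
    Finding("srv-010", "CVE-0000-0002", "low", "low", management_accepted=True),
    Finding("srv-011", "CVE-0000-0003", "high", "medium", compensating_controls=("IPS",)),
    Finding("rtr-005", "CVE-0000-0004", "high", "high"),
]
# Constructed second scan: same four plus one new finding on srv-011.
SECOND_SCAN = FIRST_SCAN + [Finding("srv-011", "CVE-0000-0005", "medium", "high")]
```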
- Asset discovery;
- Asset prioritization;
- Vulnerability testing;
- Risk scoring and analysis;
- Remediation tracking;
- Policy compliance; and,
- Website vulnerability assessment.
Rapid7 is a flexible application that can be run behind the firewall to focus on host-based issues and run as an external service to address the network perimeter. It is built on a robust platform suitable for enterprise deployment and is completely Operating System independent.
Rapid7 allows you to fully customize scan settings to conduct focused audits, detect vulnerabilities or changes within the network configuration/architecture, identify transient or rogue devices and catalog existing technology assets. Specifically, Rapid7 can:
- Probe for IT assets on a network;
- Run more than 30,000 vulnerability checks against 1,500 devices, with checks updated daily to ensure maximum protection for a network;
- Conduct local and remote scans with any desired frequency;
- Perform distributed scanning to increase the performance of scans and overcome network boundaries;
- Support specific policies and/or rules depending on the type of network device; and,
- Aggregate scan results in a central repository.