Penetration Testing and Exposure Profiling
Never, Never, Never
SystemExperts never outsources or subcontracts this work. We never use hackers, and we never leave systems in a less secure state than when we found them (no back doors) - many other firms cannot say the same.
SystemExperts regularly performs both network and application vulnerability testing. For each of the testing scenarios described below, our reports focus on concrete and practical measures you can take to address any deficiencies we might find.
Contact SystemExperts to learn more about our penetration testing and exposure profiling services.
Some of the testing scenarios we frequently perform include:
Internet Exposure Profile
(also known as Tiger Team Attack or White Hat Penetration Testing)
As a skillful outsider on the Internet, we focus on vulnerabilities related to TCP/IP protocols and services. We specifically look for problems in your DMZ or firewall setup, the configuration of your systems, and unauthorized access to resources in your environment. In this test scenario, we will attempt to gain administrative privileges on systems and see if we can reach data.
System Hardening Assessment
Many organizations deploy standard builds to support key Internet-accessible services or environments. These builds typically consist of a class of computers, an operating system configured in a particular way, and a set of layered software products. Fully understanding the security profile of your standard platforms is critical to understanding the security profile of your enterprise.
In other cases, organizations deploy mission-critical applications on a hardware and software platform outside the firm’s technical expertise. Assessing the security hardening of these critical systems makes sense.
IP Services Inventory
Large organizations often lose track of the IP-based services they are exporting to the Internet. Periodic remote scanning of their external address space enables them to better manage their exposure by eliminating unnecessary security vulnerabilities.
SystemExperts will remotely scan your external IP address space for IP-based services accessible from the Internet. For each IP address scanned, SystemExperts will look for service availability on well-known TCP and UDP ports and categorize each service as either open (reachable) or closed (not reachable). The deliverable is a spreadsheet containing the IP Services Inventory.
Some of our clients stop at this point and remove any unexpected/unnecessary services that we found. Others prefer more closure. After remedying the problems, they provide us with a Re-scan List. SystemExperts then remotely re-scans the IP addresses in the Re-scan List and updates the IP Services Inventory spreadsheet to reflect any changes.
Firewall Review
Firewall rules tend to grow by accretion; changes to the rules are made to support the evolving needs of the business and they tend to accumulate over time. Too often, the rule set grows too large to be readily understood. Too often, later rules contradict earlier rules. Too often, a particular business need that required a specific opening in the firewall no longer exists, but the opening remains as a historical artifact. SystemExperts will work with you to document how the firewall should function and review the configuration to determine whether it is consistent with the expected behavior.
Dial Exposure Review (Wardialing)
While Internet-based attacks get the headlines, hackers continue to use direct dial attack techniques to do significant damage to companies. By systematic dialing and analysis of your telephone resources, we will assess your exposure to this classic form of hacker attack.
