Uncovering Network Vulnerabilities
Vulnerability scanning use sophisticated software application that aggressively seeks out security flaws on a network. It is based on a database of known vulnerabilities. Testing is performed across a network on all attached systems for the presence of these known vulnerabilities and generates a report of the findings that can be used to tighten the network’s security. Vulnerability scanning is accomplished from inside the network with the permission and cooperation of business management. While using this methodology does an excellent job of finding known vulnerabilities, the one weakness of this approach is that it will not find newly created or “zero-day” threats. To find these threats requires a penetration test performed by a skilled cybersecurity practitioner.
External Vulnerability Assessment
An external vulnerability assessment examines vulnerabilities for external, Internet facing systems to discover the presence of known vulnerabilities as listed on the Common Vulnerabilities and Exposures (CVE) list. (https://cve.mitre.org/cve/index.html) WyzGuys will perform an external vulnerability assessment using the professional scanning tool Nessus. WyzGuys will scan a list or range of public IP addresses provided by the customer. We will review the results, and produce a report with an analysis of the results and a list of remediation tasks. Once the vulnerabilities have been remediated, we will perform a second scan to confirm that the vulnerabilities have been successfully addressed.
Internal Vulnerability Assessment
Standard
A standard internal vulnerability assessment identifies and examines network vulnerabilities for systems on the internal network or LAN, for the presence of known vulnerabilities as listed on the Common Vulnerabilities and Exposures (CVE) list. (https://cve.mitre.org/cve/index.html) WyzGuys will perform an internal vulnerability assessment using professional scanning tools. We will scan a list or range of private IP addresses provided by the customer. Under the Standard Assessment, CIT will provide the report output of the scan only.
Premium
A premium internal vulnerability assessment identifies and examines network vulnerabilities for systems on the internal network or LAN, for the presence of known vulnerabilities as listed on the Common Vulnerabilities and Exposures (CVE) list. (https://cve.mitre.org/cve/index.html) WyzGuys will perform an internal vulnerability assessment using professional scanning tools. We will scan a list or range of private IP addresses provided by the customer. Then we will review the results, and produce a report with an analysis of the results and a list of remediation tasks. Once the vulnerabilities have been remediated, we will perform a second scan to confirm that the vulnerabilities have been successfully addressed.