AQ Technologies Security Audit

Security Audit/Vulnerability Assessment

A security audit begins with our technicians documenting the structure of your network. This documentation will go into a diagram, which allows for analysis of traffic flow. This documentation also provides our technicians with what they need for the next step: network entry points.

The second step in the audit is to have our technicians diligently test each entry point's security during a pre-determined maintenance window. Various exploits will be attempted, simulating a real threat. These include, but are not limited to:

802.11a and b - our technicians will attempt to connect to your network wirelessly, sniffing airborne packets if available.

Access via the public internet - our technicians will attempt to gain unauthorized access to your network over the public internet. This is the bulk of the work, and includes testing of all inbound-enabled services (email, www, terminal services, etc.), firewall testing, and router testing.

L0phtCrack - our technicians will run this popular "brute-force" password cracker, to see how weak user passwords are (Internet Security Systems cites weak passwords as the #1 threat to security).

Unauthorized Physical Access - one of our technicians will bring in a laptop that is not a member of your network, and will see what resources have "guest access."

Wardialing - during the documentation process, we will determine what telephone numbers your company uses. We will then attempt to "dial in" with modems, to each of these lines, noting what we find. If prompted for authentication, our technicians will attempt to circumvent it.

Deliverable

Upon completion of our documentation and testing, we will put together a document for the client containing the network diagram, the testing performed, and the *explicit results* of our testing. "Explicit results" means that, if we find your locker code, it will appear in the document. It is therefore recommended that this document only be viewed by officers of the company. Finally, the document concludes with an overall analysis and letter grade, as well as suggestions for improving to an "A" letter grade.