Security Audits

Auditing Services

We provide several levels of audits, and will add more as our group matures and broadens. Only local area audits are currently offered. Off-site facilities, customer sites, and classified audits may be added in the future. An audit may encompass just one machine, or even an application on that machine. It may be concerned with just one network, or with the entire enterprise. The level of auditing, and types of tests used vary according to customer preference and need, and the current and future capabilities of the auditing team.

Audit Levels:

Site Audits
Network Audits
- Local Area Network
- IP Range (no range smaller than 32 hosts will be considered)
- Firewalled environments
Host Audits
- Single Host
- Multiple hosts
- Source Code Audit
Vulnerability Assessments
- Penetration tests
- Threat Analysis
Auditing Techniques and Tools
Security Policy Analysis

Social engineering is assumed to be part of these audits unless we are specifically requested not to use these techniques.

Site Audits

A Site Audit encompasses the entire enterprise, or a discrete portion of that enterprise (such as a division or group). Site Audits may be done on request, but require a signed authorization. This type of audit is useful if it is desired that the firewall and the occupants of the DMZ (such as the company web site, and any ftp, email, or other network services) be tested for vulnerabilities. All audits are done with limited disclosure, so that affected business will be carried on in a normal fashion. Site audits also include such things as "wardialing" -- a test to discover modems, terminal servers, and other answering devices. This will discover known and authorized modems, misconfigured modems, and unauthorized devices.

Network Audits

A network audit makes use of various tools, and discovers potential vulnerabilities on the local networks. A network topology is built using SNMP and other protocols, and compared to the current understood topology (if there is one). Specific problems that may be inherent in a particular style of networks will be addressed at the time the audit is arranged. Very few networks are homogeneous, and it is assumed that most networks will require a unique approach.

Host Audits

Vulnerability Assessments

Auditing Techniques and Tools

Security Policy Analysis

Sample Reports and Industry Standards

A Glossary and Definition of Terms

Release and Authorization

The Auditing Checklist

This Site Security Audit Checklist is targeted towards a small to medium single site operation. The data will also be used as part of a future Enterprise Security Checklist. This checklist targets top level security items to ensure that essential policies, procedures, methodologies, and tools are in place to provide a security framework. Other security audit checklists may be used to verify specific installations of software, systems and networks. It is expected that this check list will be tailored to a specific site's needs and operations.

Disclaimer: This audit, and all audits performed by the auditing team, are done under the aegis of the OSSTM. While every effort is made to be professional and complete, these audits should only be used in conjunction with your standard security preparations.

Last modified: Tue Nov 9 20:07:39 PST 2004