Site Audits

A Site Audit encompasses the entire enterprise, or a discrete portion of that enterprise (such as a division or group). Site Audits may be done on request, but require a signed authorization. This type of audit is useful if it is desired that the firewall and the occupants of the DMZ (such as the company web site, and any ftp, email, or other network services) be tested for vulnerabilities. All audits are done with limited disclosure, so that affected business will be carried on in a normal fashion. Site audits also include such things as "wardialing" -- a test to discover modems, terminal servers, and other answering devices. This will discover known and authorized modems, misconfigured modems, and unauthorized devices.

If this audit involves a securing a web site, then source code audits of the web site itself are advisable. This type of audit may last from two days to a few weeks, depending on the size of the site, and the severity of the problems found. Snapshot updates are available for long term audits, which will become part of the final report at the close of the audit.

Social Engineering will be attempted in this audit, unless we are specifically requested not to. Social engineering is the biggest threat to the security of the enterprise, and should be considered part of the necessary review.

• The length of the audit depends on the size of the enterprise, and the depth of the of the tests required.
• Audits may be either on-going, or a single snapshot.
• An on-going audit may be contructed to last for some predetermined period of time, or a month to month contract. No on-going audit will be undertaken for less than one month.
• A snapshot audit is a one-time audit that attempts to document the current state of security for the enterprise. This audit usually requires at least a few days to set up, and execute, depending on the size of the organization.
• Audit length is also a function of the severity of any problems found. Secure sites are more easily audited than sites with anomalies, which must be investigated in more depth.
• A complete log of all activities is maintained during the audit. This is actually comprised of handwritten entries that document activites, together with automatic logging done by various tools during network and host scanning and penetration tests. Penetration tests may sometimes be referred to as Vulnerability Assessments, but are actually more comprehensive and thorough.