Vulnerability Assessment - ESTec Security

By: Estec Security  09-12-2011
Keywords: Internet Banking, vulnerability assessment, Internal Systems

A vulnerability assessment reviews the configuration of a computer or group of computers to identify known vulnerabilities. Using industry-standard tools, a trained auditor reviews each machine, identifying all the services offered by the computer. He or she will then recommend changes wherever a vulnerability is discovered. For Internet-visible computers, an assessment can be performed without traveling to your site. For internal systems, a consultant can visit your facility and review the state of computers that are not visible to the Internet.

Your vulnerability assessment can be part of a more comprehensive security audit. ESTec has experience reviewing systems of widely varying sensitivity, from Internet Banking to e-commerce to proprietary internal systems.

Sample Case

Customer: A Mutual Fund Internet Sales Site
Services: Vulnerability Audit
Problem: Management wanted a third-party review of the internet sales site before opening it to customers. Since some of the computers were not visible to the internet, the review was done on-site.
Solution: An ESTec consultant was dispatched and performed on-site vulnerability reviews of all systems, internal and external, that would be involved in internet sales.
Results: Numerous vulnerabilities were discovered, some visible to the Internet. Patches were identified and applied, and unnecessary services were removed from the machines. After the changes were made, a second vulnerability assessment was performed to demonstrate that all of the known vulnerabilities had been identified and fixed. Management approved the project for release to its new internet clients.

Other products and services from Estec Security


Incident Response - ESTec Security

With the cooperation of the security department of the computer's company, the offender's machine was seized, and an image of the hard drive given to our investigator. A log of the event from both the attack machine and the victim machine was turned over to the FBI.


ISO 17799 - ESTec Security

A risk assessment allows management to prioritize protection activities and incident handling allows the organization to evaluate how successful it has been in achieving the priorities. Over 30 countries either require ISO 27001 / ISO 17799 / BS 7799 certification for some organizations, or are considering requiring ISO 27001 / ISO 17799 / BS 7799 certification.


Security Awareness Programs - ESTec Security

The consultant presented the courses and also trained the trainers to give the courses to existing personnel or to new personnel entering the workforce. The initial testing of the courses received such high reviews that management rolled out the course to 20,000 users, 1,000 managers, and 400 systems administrators.


Penetration Testing - ESTec Security

Customer: Major American Power and Gas Utility
Services: Penetration Test the SAP Accounting system
Problem: The utility was preparing to convert all accounting functions to SAP R/3. The penetration testing methodology used by ESTec ensures that all potential weaknesses are tested, including all currently identifiable vulnerabilities.