A vulnerability assessment reviews the configuration of a computer
or group of computers to identify known vulnerabilities. Using industry-standard
tools, a trained auditor reviews each machine, identifying all the
services offered by the computer. He or she will then recommend
changes wherever a vulnerability is discovered. For Internet visible
computers, an assessment can be performed without traveling to your
site. For internal systems, a consultant can visit your facility
and review the state of computers that are not visible to the Internet.
Your vulnerability assessment can be a part
of a more comprehensive security audit. ESTec has experience reviewing
systems with widely ranging sensitivities, ranging from Internet
Banking to e-commerce to proprietary internal systems.
Customer: A Mutual Fund Internet Sales Site
Services: Vulnerability Audit
Problem: Management wanted a third party review of the internet
sales site before opening it to customers, since some of the computers
were not visible to the internet, the review was done on-site.
Solution: An ESTec consultant was dispatched and performed on-site
vulnerability reviews of all systems, internal and external, that
would be involved in internet sales.
Results: Numerous vulnerabilities were discovered, some visible
to the Internet. Patches were identified, and applied, unnecessary
services were removed from the machines. After the changes were
made, a second vulnerability assessment was performed to demonstrate
that all of the known vulnerabilities had been identified and fixed.
Management approved the project for release to its new internet