External Security Assessment

“Understanding how your systems are presented to the public Internet is the first step in understanding what your losses could be…”
ESA – Pen Testing
The Internet has presented many opportunities for Companies to promote their products and services to a Global audience. However, with this opportunity has also come the risk of dealing with individuals and entities that seek to attack, penetrate, and subvert Home and Corporate Computer Systems and Networks.
Too often, Companies employ the proverbial “firewall” and assume that they are protected, only to find that glaring deficiencies in deployment and alerting have left them more vulnerable and under a false sense of security.
To address threats and to verify that external defenses are working optimally and properly, RSC has developed the External Security Assessment program, known as ESA.
This program evaluates and determines potential weaknesses in Computer Networks and Systems that are accessible from the public Internet.
ESA is more than just an automated scan using “off-the-shelf” tools. It is a customizable, comprehensive testing procedure that provides a highly accurate, in-depth review of external defenses and alerting mechanisms.
Using our proven methodology, RSC Security Engineers can successfully detect weaknesses and remediate found vulnerabilities. We can help your organization ensure that security devices are properly configured and efficiently working!
Overview
The ESA comprises three main steps: Reconnaissance, Discovery, and Testing.
Reconnaissance
One of the key phases in any attack and penetration attempt is gathering readily available information about a customer and/or person. Given the email address of a corporate employee, the attacker may possibly have a valid user account that can now be utilized to access Email, FTP, and Web Accounts.
Discovery
Discovery is accomplished using an “active” probe from specialized software utilized by RSC Security Engineers. These probes look for areas that may be exploitable on the targeted customer system(s).
During the Discovery Phase, RSC Security Engineers attempt to find open holes by a variety of methods, using both fast and slow scans/probes. The activity generated furnishes a good test of Intrusion Detection and Intrusion Prevention Systems (IDS/IDP).
Testing
This phase utilizes information from the previous Discovery Phase to perform limited attack and penetration tests against the targeted Customer systems.
“Limited” defines the scope of activities performed during the testing process: RSC Security Engineers will only identify vulnerabilities and weaknesses. The Customer may request that RSC Security Engineers attempt to actively exploit a found vulnerability. These requests are documented by the appropriate authority for the Company/Customer before RSC Security Engineers proceed with further testing.
Results and Findings
The results from all phases of the ESA are gathered and reported to the Customer using an uncomplicated and easy-to-understand grading scale.