Technical Security Assessment

What is Technical Security Assessment?

There are two main kinds of Technical Security Assessment that NSS focuses on, Vulnerability Assessment and Penetration Testing. If you wish to learn more you can read our article on Penetration Testing vs Vulnerability Assessment. We offer a comprehensive range of security assessment solutions for companies of all sizes (we have tested networks of over 10,000 active nodes) and also have service offerings especially for Security Architecture Review, Web Application and Application Security and Security Policy Development.

If you have an internal computer network, a mail server, a web server or any kind of custom software application or web-based application you are at risk from Malicious attacks.

An intruder will take any useful, worthy information they can, use your bandwidth and resources and leave you suffering a bruised ego, battered reputation and facing a severe financial loss.

Hackers, script kiddies, crackers, whatever the media currently calls them are all knocking your door. Why would someone hack me you ask? Simply because they can.

• Are you prepared?
• Could you survive an attack?
• Are you susceptible to attacks?
• Do you have a disaster recovery plan?
• An intrusion mitigation strategy?

In 2005 91% of organisations reported detecting computer security breaches in the last 12 months and 97% of these had websites. Of those with web sites, 23% reported suffering an attack within the last 12 months and 27% did not know if they had been attacked or not. Of those reporting attacks, 21% reported 2-5 and 58% 10 or more.

These statistics are alarming but it's likely that these don't truly show how bad things are; only 61% of polled organisations used some form of Intrusion Detection System.

Wouldn't you prefer the hackers on your side?

NSS security team will test the effectiveness of your security policies to see if they can survive a realistic, intensive attack.

Let us find the holes before somebody else does.

You can read our article on the differences between Blackbox Testing and Whitebox Testing and Internal vs External Testing to get an idea of the range of tests available from NSS.

We provide this information so you feel more comfortable with the process and understand what is involved. This means when you come to us you will have a clearer idea on your objectives for the project that will enable us to work together more efficiently.

Essentially your company’s security measures are analysed for design weaknesses, technical flaws and failings in the policies and procedures, then the results of the test are delivered in a comprehensive multi-level report including a human-readable management summary and a more technical section for the I.T. to take action on.

What is Involved?

There are many stages in a Penetration Test or Vulnerability Assessment our experts will undertake for your organisation, some of the stages would involve:

• Port Scan to open ports and exposed services
• Identify public services and any associated exploits
• External OS (Operating System) identification
• Router Testing Firewall and IDS testing
• Password cracking and account enumeration
• DoS (Denial of Service) tests
• Other specific tests for UNIX, Linux, Windows and Mac machines

Others can include physical security, war-dialing and more.

If you are interested or just wish to find out more please contact us directly.