Network Vulnerability Assessment - Using tools and techniques developed over years of assessment experience, our security experts identify known and unknown vulnerabilities present on your networks. External assessments show what is vulnerable from an attacker's perspective on the Internet, discovering issues that can be used to gain access to systems, cause a denial of service, or be exploited by worms and viruses. Internal assessments discover threats posed by individuals who have gained physical access to the internal network or by disgruntled employees intent on elevating privilege or disrupting services. C-Level Security Vulnerability Assessments are designed to provide an overall picture of system and network vulnerabilities.
Penetration Assessment - Taking network-based testing to the next level, C-Level Security will analyze the Network Vulnerability Assessment results and develop an attack plan that simulates an actual compromise, commonly referred to as a pen-test. Once a plan is approved, C-Level Security will execute it and exploit vulnerabilities on your network to meet penetration objectives defined with your organization. This testing analyzes multiple vulnerabilities, linking them together in a chain of events to compromise target systems. The outcome of each engagement provides your organization with an understanding of the real implications of vulnerabilities for your overall security. C-Level takes a structured approach to this phase and treats it as a separate service line due to the sensitivity of executing live attacks.
Web Application Assessment - Web applications have two types of data: unauthenticated content available to users with anonymous rights, and authenticated content available to users with credentials. C-Level Security's Web Application Assessment evaluates the security of the application from the perspective of an authenticated user in a two-step process. The first step is to work with your organization in performing threat modeling, taking into account the various portal logins and system dependencies of the application and using the STRIDE model for categorizing software threats. The second step is to perform testing on the attack vectors identified. Testing includes assessing application server configurations, encryption, authentication, session strength, cross-site scripting exposures, and input validation controls. During each engagement, C-Level Security introduces threat modeling to development and application managers to give them the ability to understand risks that may exist in other applications in your organization.
Product Assessment - Taking a proven approach to evaluating the security of products, C-Level Security works with your organization to develop a detailed testing work plan that can include a design review, architecture review, code review, and testing of the deployed product. The full complement of services focuses on identifying weaknesses in data flow and data storage that would otherwise be impossible to discover with just product testing. C-Level Security Product Assessment results can be shared with your customers as a white paper, or as an internally focused report to enable your development team to further secure a product.
Firewall Assessment - Control points for your network are critical to ensure the flow and access of data. C-Level Security begins each assessment by reviewing the logical architecture of the firewall and working with you in understanding your business needs. This knowledge and information is then applied in reviewing the configuration, groups, and access rules of your firewall solution. Testing is then performed to ensure the controls are applied properly and the desired security is enforced by the firewall. C-Level Security uses its experience with most major firewall vendors to ensure it can provide answers no matter what solution the customer employs. C-Level Security understands that firewalls don't just apply to the Internet anymore, and will work with you to employ proper network access controls for your wireless or critical server segments.
Wireless Assessment - Organizations face two main issues in the wireless environment: the strength of their wireless solution, and the risk posed by rogue access points or clients. C-Level Security helps you understand your risk by assessing the strength of your current wireless deployment. The first step is to perform a site walk-through to discover all wireless devices in range. The second step involves testing the authorized access points and clients. C-Level Security encompasses WLAN (wireless local area network) testing as a whole to determine if an attacker can gain access to the wireless network and what level of logical access is granted, as well as testing the security of wireless clients. The final step is to identify rogue access points and rogue clients to determine if they are connected to your LAN and what risk they pose to your organization.
Host Assessment - Assessing risk from the network provides an understanding of the risk posed by remote services but does not provide insight into local security. C-Level Security can improve your long-term posture by performing a host assessment with local administrative rights. The result is an analysis of settings and controls, with detailed recommendations to bring the system into compliance with either your organizational baseline or security best practices. Host reviews are especially important in multi-user server environments and to mitigate the damage an attacker can cause if they gain access to a system as an unprivileged local user.
Dial-in Assessment - Analog lines are rapidly being replaced with remote VPN solutions but are still a serious risk. C-Level Security can perform modem discovery (war-dialing), modem control testing, or a combination. This testing gives you the assurance that legacy lines have not been forgotten, posing unforeseen risk, as newer technologies are being integrated into your organization.
Social Engineering Assessment - One of the greatest risks to your organization is posed by your most important resource, employees. Having a rock solid network presence is meaningless if your help desk will give out user accounts, or employees are easily fooled into divulging sensitive information. C-Level Security has developed a methodology that gives your organization an understanding of the level of security awareness and the risk it presents. Additional services can be performed in architecture and training offerings to assist organizations in increasing the overall security posture in areas that are found to be non-compliant.
Risk Assessment - Our service is modeled around the COBIT framework and takes a holistic approach to risk assessments. This approach allows C-Level Security to deliver concise and understandable results. Once your organization's risks are identified, a comprehensive recommendation is provided to help you better understand ways to approach remediation or mitigation of those risks. C-Level Security can help organizations implement those plans through our Architecture Services.
Regulatory Compliance Review - With increasing regulations at the state and federal level, companies are faced with mandates to ensure they have met these requirements. Additionally, multiple regulations overlap with regard to the controls and technologies that must meet compliance. C-Level Security works with your organization in understanding which regulatory bodies require compliance. This information is used to develop comprehensive work programs, minimizing the number of repetitive audits that must be performed. C-Level Security is experienced in dealing with HIPAA, GLBA, SOX, and FFIEC requirements.