Solutions

Network vulnerability assessment is the process of measuring and prioritizing security risks on networks and system. It provides a proactive method of securing systems by finding security weaknesses before intruders can attack. Network vulnerability assessment tools locate exposures to security vulnerabilities and recommend corrective measures to close the holes. This provides a tool that allows the security auditor and system administrator to determine the security status of a system at a particular time.

In simplest terms, a scanner operates externally and looks for, and reports, weaknesses in system configuration. A probe goes further by exploiting vulnerabilities in order to gain access. Most scanners do some form of both. The benefit of probing is that it gives you a greater level of confidence that reported vulnerabilities do exist and pose a real threat.

The InterTech Security Assessment Team uses Symantec NetRecon to conduct an external assessment of network security by scanning and probing systems on the network in an effort to find specific system weaknesses. Symantec NetRecon reenacts common intrusion or attack scenarios to identify and report network vulnerabilities and suggest corrective actions. Symantec NetRecon is different because it not only discovers and reports vulnerabilities, but it goes far beyond this by correlating these vulnerabilities in order to demonstrate the root-cause of more serious vulnerabilities. Symantec NetRecon focuses on the real problems, not merely the symptoms of the problem. These may include the potential for denial of service attacks and unauthorized access to both systems and data through login or execution of remote instructions. These conditions represent the ultimate security threat and demand immediate and appropriate countermeasure to correct. It is these vulnerabilities uncovered through the correlation of information that most scanners on the market fail to detect.

The InterTech Security Assessment Team using Symantec NetRecon can assess, NT, Windows 2000, UNIX (Solaris, HP-UX, AIX), Linux, NetWare Servers and Windows 95, 98 workstations. Symantec NetRecon can also assess network devices including routers, printers, firewalls and web servers. Symantec NetRecon works with communication protocols including TCP/IP, IPX/SPX and NetBEUI.

Symantec NetRecon uses a unique patent pending progressive scanning technology. This technology correlates vulnerability information and uses information from one part of the scan to search deeper for weaknesses in the network. Symantec NetRecon allows information obtained from one break-in technique to be used by another. This simulates a hacker approach and more accurately represents the way in which a real intruder would gain access to your systems. This works in contrast to most scanners, which execute in a serial manner, checking for a predefined and distinct set of vulnerabilities on each individual system. No correlation of data is made to uncover vulnerabilities.

Using Symantec NetRecon the InterTech Security Assessment Team can scan a growing database of known security vulnerabilities along with recommended fixes on how to correct the security weakness. The types of security checks provided include: NT Service, NT Registry, NetBIOS, NetWare, ICMP, NFS, RPC, SMTP, SNMP, CGI, and more.

A false positive is a vulnerability check that incorrectly identifies a normal session as an attack. This advantage of the utilizing the InterTech Security Assessment Team is its ability to use its knowledge to filter these false positives. InterTech will then verify the false positive and take measures to modify an updated vulnerability by either adding granularity or new attributes that correct the misidentification.

An executive summary report and multiple detail reports by vulnerability and by network resource (system) are available. We also give the user more flexibility in selecting specific network resources and/or vulnerabilities they want to report on. InterTech also gives users the flexibility to create their own custom reports. The reports can be viewed on-line with the Crystal viewer, or reports can be exported to a wide variety of formats including Word, Excel, Html, rich text format, tab delimited, etc.