home → solutions → Assessment

Assessment

Assessment Overview

The Sec-1 Assessment portfolio has been designed to provide organisations with a complete range of network security testing services.

As a CREST Member company, Sec-1 have agreed to adhere to the standards set out by the Council of Registered Ethical Security Testers (CREST)

Where do the threats to an organisation come from?

Threats come from many areas including

Automated Attacks – Worms, trojans, payload bearing viruses and botnets

External Attackers – Ex employees, cybercriminals, black hat hackers and script kiddies

Internal Attackers – Disgruntled employees, inquisitive users and trusted 3rd parties

What is the target of an attack?

External Infrastructure
Includes servers, firewalls and routers which are at risk from automated attacks and external attackers. Typical vulnerabilities include unpatched software, poor configuration and user error.

Internal Infrastructure
Includes servers, PCs, firewalls, routers and applications which are at risk from internal attackers. Typical vulnerabilities include unpatched software, poor configuration, user error, weak policies, misconfigured permissions and poorly coded applications.

Web Applications
Includes websites and web applications which are at risk from automated attacks and internal attackers. Typical vulnerabilities include poorly coded applications due to a lack of security emphasis within the development cycle.

Wireless Infrastructure
Includes wireless access points and wireless devices which are at risk from external attackers and internal attackers. Typical vulnerabilities include weak implementation and poor polices, maintenance and administration

Laptops
Includes any laptop in your organisation which is at risk from external attackers and internal attackers. Typical vulnerabilities include weak passwords, lack of authentication, user error and lack of encryption.