This document provides information about vulnerability assessments performed by Cyber 51 LLC. A vulnerability assessment checks network components and web applications for security vulnerabilities that could allow unauthorized access. It identifies known and unknown vulnerabilities, missing patches, outdated systems and open ports. Regular vulnerability assessments are recommended as hackers attack networks daily to find and exploit weaknesses. A vulnerability assessment is less intrusive than a penetration test, which attempts to actively hack systems based on found vulnerabilities.
Cyber 51 LLC, 267 Kentlands Blvd. #800, Gaithersburg, Maryland, 20878, USA
Email: info@cyber51.com
Phone: (301) 830-6702
What is a Vulnerability Assessment?
A vulnerability assessment checks Network components (Firewalls, Routers, Servers etc.), Web
Application components (Websites, Portals, Restricted Web Access Systems etc.), or both. The goal of
the vulnerability assessment is to find loopholes in security which would allow an intruder to gain
unauthorized access.
• Checks Network equipment (Servers, Routers etc.) for Vulnerabilities
• Checks Web Applications (Websites, Portals etc.) for Vulnerabilities
• Same Checks Hackers employ prior to hacking into a client network
What Checks are being performed on a vulnerability assessment?
The checks include the search for known and unknown system or web application vulnerabilities,
missing patch levels, out of date operating systems, out of date software revisions as well as
open and exposed ports.
• Known and Unknown Vulnerabilities in Network or Web App components
• Out of date software / hardware in use
• Missing patches
• Open and exposed services and ports
Why a Vulnerability Assessment?
Organized crime, as well as hackers with a pure interest in destruction, attack millions of
Internet-facing customer networks daily. If you care about your IT infrastructure and want it
safeguarded, you should have vulnerability assessments performed regularly, before a malicious
hacker exploits potential weaknesses.
• Variety of hackers who do it for fame, financial gain or just for fun
• Mainly untraceable by law enforcement as attacks come from countries with little IT
legislation (China, Russia, South America, Bangladesh etc.)
What’s the difference between a Vulnerability Assessment and a Penetration Test?
A vulnerability assessment is part of a Penetration Test and constitutes the first phases. In a
vulnerability assessment the customer receives a report which outlines all the different vulnerabilities
encountered, advises on missing patch levels and out of date hardware and software, and provides
mitigation advice to close the loopholes down.
A Penetration Test, on the other hand, will then also try to actively hack all systems where
vulnerabilities have been encountered. For small businesses a Vulnerability Assessment is
usually sufficient. A vulnerability assessment is non-intrusive, which means no harmful actions
are performed against the tested systems.
• Vulnerability Assessment: Checks and advises on vulnerabilities
• Penetration Test: Attempts full hack based on the vulnerabilities found
Why should SMB clients have their systems and applications checked?
Hackers don’t care whether the target is a Fortune 500 company or a small online flower shop.
Being small doesn’t prevent a business from being attacked. Every system which is
exposed to the Internet shares an equal risk of being hacked.
• Often less security in place than at Fortune 500 companies
• Hackers don’t differentiate between targets and often choose the least secure
• Systems that are exposed to the Internet share an equal risk
What does the free Vulnerability Assessment contain and how does it differ from the paid
service?
The customer will be able to choose 1 system (IP address) or 1 Web Application they would like
to be assessed. The customer will then receive a basic report, which highlights the vulnerabilities
found. This is a basic report only. The paid service checks multiple IP addresses (Servers / Web
Applications) and is accompanied by a highly comprehensive report which outlines all
vulnerabilities, missing patch levels, out of date hardware, software and open ports. Additionally it
will also contain complete mitigation advice and a debrief call.
• Free Vulnerability Assessment: 1 system or Web App checked – Basic Report
• Paid Vulnerability Assessment: Checks against all chosen systems / Web Apps. Detailed
Report, Detailed Mitigation Advice, Kick-off and Debrief Calls
How many systems actually have vulnerabilities?
In our assessments we find that 95% of all of our clients have at least one critical,
high or medium severity vulnerability.
• 95% of all systems and Web Apps have vulnerabilities
• We haven’t had a single customer where we were not able to break security eventually.
Why are there so many vulnerabilities?
The IT landscape changes at rapid speed. Businesses use a lot of open source software, don’t
maintain the latest software revisions, and have unnecessary services and ports exposed to the Internet,
but are unaware of the security holes they are introducing.
• Wrong configuration of servers
• Weak Application Coding
• Use of Open Source software
• Exposing unneeded ports and services to the Internet
CONTACT US TODAY!
• Get a Free Consultation Call and Quotation
• Get a Penetration Test Sample Report