Vulnerability assessment … Hytec launches new service
Hytec Information Security Limited

Every IT infrastructure needs testing at regular intervals to ensure it remains secure. Furthermore, the network should be independently tested, since those managing it are likely to make the same assumptions they considered when building or upgrading the infrastructure.

It is also regarded as good practice to test the infrastructure without the knowledge of the Infrastructure Security team, ensuring the team's effectiveness is also taken into account.

The hacker's approach

Hytec's service uses the same approach as a potential attacker, namely carefully investigating the network, identifying weaknesses then exploiting the vulnerabilities.

The service is modular and clients can tailor it to their specific needs. For example it's advisable to repeat the investigation stage on a regular basis (probably quarterly), whilst the other two tasks can be performed less frequently.

It's also recommended that assessments should be undertaken over a period of time, accurately depicting the actions of a skilled attacker, who will act slowly and deliberately to avoid alerting Intrusion Detection Systems.

In this way, vulnerability assessment is more subtle and non-invasive than penetration testing, which can often fail to identify vulnerabilities due to high traffic densities triggering IDS systems.

Investigate

The first stage is to investigate and analyse the network and perimeter security in a non-invasive manner. Although the network infrastructure is targeted, it is not penetrated and client information is not extracted, other than data from the security infrastructure itself.

Hytec will produce a report highlighting:

Looking for weaknesses

The second stage is to undertake invasive testing to determine whether vulnerabilities really do exist; however this is done without causing any Denial of Service (DoS).

Exploiting vulnerabilities

Finally the company examines each of the vulnerabilities previously identified and assesses how they can exploited. Where exploitation is possible, Hytec will determine the extent to which the client's information can be leaked or modified, and what other forms of malicious damage can result.

Ultimately if a Denial of Service (DoS) vulnerability exists, Hytec will then execute a DoS attack. Each security exposure is fully tested and documented, together with details of whether the vulnerability is demonstrable and replicable.

Hytec believe that, with the Vulnerablity Assessment service in place, clients will benefit from:

• Reduced Risk — Reducing security risks that, undetected and unresolved, could lead to business interruption, lost revenue, damaged corporate image, legal repercussions and more
• Enhanced Competitiveness — Achieving the level of security necessary to pursue new initiatives, grow the business and engender trust among customers, suppliers and business partners
• Maximised Resources — Gaining a 'security partner' who will help set security priorities, promote action on detected vulnerabilities and focus resources on the areas of greatest risk.

Contact - For further details of Hytec's Vulnerability Assessment Services, please call the company on 01865 887428