How to Order
Warranty
Contacts

 

DIR Customers
Click Here

 

Professional Services

Vulnerability Assessment & Penetration Testing (VA/PT)

“Vulnerabilities are the portals by which threats will materialize.”

The VA/PT will identify areas of weakness where security controls need to be enhanced in order to reduce risk of threats, determine feasibility of an attack, and the amount of business impact of a successful exploit, if discovered.

Future Com will help organizations identify areas of improvements. In addition, we will help develop a roadmap to enhance security controls and implement mitigating controls to help reduce the risk of threats.

Companies, who need to comply with the PCI DSS, must regularly test security systems and processes to identify weaknesses in networks in accordance the PCI DSS v1.2 requirement. Also, risk assessments, which include vulnerability assessments, must be performed as well.

The frequency and severity of today's security threats and vulnerabilities are forcing companies to intensify their focus on:

• Strengthening of current network security processes to protect (or at least reduce risk) against attacks from both external and internal threats
• Deploying enhanced security solutions to the enterprise
• Addressing constant change in customer and partner requirements via organizational changes and operational procedures
• Needing to comply with regulations and standards such as HIPAA, PCI DSS, etc which mandate assessments and PT for compliance
• Performing routine vulnerability assessments of your network

Being in the industry for over fifteen years, Future Com recognizes the challenges faced by today’s IT and compliance managers and administrators and the need for proper evaluation of security controls. Too often companies spend a great deal of money on equipment that is installed and configured utilizing basic features and evolved network architectures. With certified network engineers, Future Com can address this issue through professional services, reducing risk, improving security controls, and ensuring correct deployment, tuning and knowledge transfer. IT administrators live in a “Perception is Fact” world and when companies spend money on solutions that is what they expect…. solutions, not equipment. Future Com is ready to help you comply with PCI DSS, maximize resource utilization, simplify your operation and improve network security.

Scope of Engagement

Future Com will provide this assessment and testing and will attend a follow up meeting to present to you the analysis and recommendations.

Tasks

Future Com’s Security Technical Analyst(s) will work with your executives, IT and IS staff, and business units to assess the current security health of the implemented security controls and to make best practices recommendations for security improvements. This engagement will consist of the following:

• Gather company information using DNS, and domain registration information. This information will include IP ranges owned by or provided to the company, IP addresses and functions of Internet-facing hosts, names and e-mail addresses of contacts listed for domain name(s).
• Determine possible alternate paths by checking e-mail (SMTP) headers.
• Identify Operating System of host using active and passive OS fingerprinting.
• Scan TCP/UDP ports to identify open ports.
• Determine which services are running on the host systems.
• Assess all hosts using exploits specific to the operating system and services running on that host.
• Leverage compromised systems to gain information, attack, and/or access to other systems on the network.
• Document all vulnerabilities found, including date, time, host name, IP address, share name or port, credentials used, level of access, tool(s) used to exploit the vulnerability.

Deliverables

High-level Executive summary and review with senior management
Comprehensive report and review with technical personnel
Recommendations for eliminating or mitigating risks found during assessment

Professional Services Ordering Information
FCS-PROFSVCS-VAPT-1

Additional Related Future Com Professional Services offerings:

HIPAA Compliancy Assessment
SOx Readiness Compliancy Assessment
Network Optimization Assessment
Wireless Site Survey & Security Planning