Network Security Audit & Vulnerability Assessment Services

About Vulnerability Scanning

Vulnerability Scanning analyzes the security of your network using the largest and most up-to-date Knowledge Base of vulnerability checks in the industry. When you launch or schedule vulnerability scans, the service safely and accurately detects vulnerabilities using its Inference-Based Scanning Engine, an adaptive process that intelligently runs only tests applicable to each host scanned.

The service first gathers information about each host, such as its operating system and version, ports and services, and then selects the appropriate test modules. The impact of scans on your network load is minimal because the service samples your available bandwidth and then uses a fixed amount of resources that you specify.

The Knowledge base of vulnerabilities is constantly updated as vulnerabilities are added and updated. For this reason, it is best practice to schedule network security audits regularly to minimize potential risk and ensure constant security. We recommend scheduling routine weekly scans plus running an on demand scan whenever new network devices are introduced or configurations are updated.

How Does Vulnerability Scanning Work?

There are several events that take place during the vulnerability scanning process. The standard behavior for each of these events is described below. To change the standard behavior, customize the scan and additional options in your option profile, and then apply the customized profile to an on demand or scheduled scan task. You can specify which probes are sent and which ports are scanned during host discovery, and which TCP and UDP ports are scanned during port scanning.

Scanning EventDescription
Host DiscoveryThe service checks availability of target hosts. For each host, the service checks whether the host is connected to the Internet, whether it has been shut down and whether it forbids all Internet connections. The service pings each target host using ICMP, TCP, and UDP probes. The TCP and UDP probes are sent to default ports for common services on each host, such as DNS, TELNET, SMTP, HTTP and SNMP. If these probes trigger at least one response from the host, the host is considered "alive." The types of probes sent and the list of ports scanned during host discovery are configurable through your additional options. If the host is not "alive" then the scan process will not proceed. You may choose to scan dead hosts through your scan options, but that option may increase scan time and is not suggested for Class C or larger networks. After host discovery, these events occur dynamically: port scanning, operating system detection, service discovery and authentication to hosts when the authentication feature is enabled.
Port ScanningThe service finds all open TCP and UDP ports on target hosts. The list of TCP and UDP ports scanned is configurable through your scan options.
OS DetectionThe service attempts to identify the operating system installed on target hosts. This is accomplished through TCP/IP stack fingerprinting, OS fingerprinting on redirected ports, and is enhanced by additional information gathered during the scan process, such as NetBIOS information gathering.
Service DiscoveryWhen a TCP or UDP port is reported as open, the scanning service uses several discovery methods to identify which service is running on the port, and confirms the type of service running to obtain the most accurate data.
AuthenticationAuthentication to hosts is optional for a vulnerability scan. For a vulnerability scan with authentication enabled, the service authenticates to target hosts based on the selected authentication types in the option profile and the authentication records in the user account. The service uses the credentials for target hosts as defined in authentication records. If authentication to a host is not successful, the service performs vulnerability assessment without authentication.
Vulnerability AssessmentUsing the information gathered about each target host in the previous scanning steps, the service begins vulnerability assessment. The service scans for all vulnerabilities in the Knowledge Base or a selected list of vulnerabilities, based on the user's scan settings. The service runs vulnerability tests that are applicable to each target host based on the information gathered for the host.

PCI Consulting & PCI Security Audit Services

  • PCI Risk Assessments
  • PCI Compliance Audit Preparation
  • PCI Vulnerability Assessments & Penetration Testing, PCI Compliance Scanning – Internal and External - Approved Scanning Vendor (ASV)
  • Security Policy Creation
  • Fractional Chief Security Officer Services
  • Forensic Services
  • Social Engineering
  • Secure Infrastructure Design and Implementation
  • Mobile and Wireless Security Audits

CDI External Audit Process


What is a Vulnerability Assessment and Penetration Test?

In a Penetration Test, The CDI security professionals use real world hacker techniques and work remotely from our offices and attempt to breach your network security via the Internet.

Questions a Vulnerability Assessment and Penetration Test can Answer?

  • How can a hacker penetrate our internal network and systems data from the Internet?
  • Using simulated real-world tactics, what vulnerabilities can be identified that an automatic vulnerability scan misses?
  • How secure is my web- site and the service providers that are connected to my network?
  • How vulnerable is my email traffic and is it available for others to see?

What are Some Common Objectives of a Vulnerability Assessment Penetration Test?

  • Provide management with an understanding of the current level of security risk from Internet-accessible services.
  • Provide detailed recommendations to facilitate a cost-effective and targeted mitigation approach.
  • Create a basis for future decisions regarding IT risk management, security, and allocation of resources.

What are the steps in the Scanning and Penetration Testing Process?

I. Reconnaissance and Network Vulnerability Scanning

Identification of system assets, data and network components by vulnerability scans.

II. Enumeration

Determine the application and network level services in operation for all identified assets.

III. Research and Evaluation

Here we determine the vulnerabilities, bugs and configuration concerns with all systems. Flaws identified in any of these three areas can lead to system compromise.

  • Vulnerability Testing and Vulnerability Risk Assessment
  • Manual Service Analysis
  • Password Testing

IV. Penetration Testing Analysis

For each issue identified we escalate, validate and then determine the impact of any issues. The results are used to develop impact descriptions and recommendations that take into account your individual business and network environment. Discarding any false positives, we create a pragmatic and actionable report.

What is vulnerability scanning and how does it fit into the process?

CDI's penetration testing service is a combination of a vulnerability scan/assessment, a penetration test, remote password checking and manual analysis by expert security professionals. Vulnerability scanning is an automated process using commercial software. However, these automated tools typically miss about 40% of the security risk. Additionally, up to 50% of the findings from a vulnerability scan are false positives that can cause undue alarm and wastes time investigating unimportant findings rather than paying attention to serious risks.

At CDI, manual analysis is the most comprehensive part of all of our assessments and gives your organization the confidence that you have had a comprehensive review of your security risks. This method allows for more customized reporting and more detailed recommendations enabling simple fixes and cost effective mitigation strategies for most security issues.


Security Assessment Services Comparison

ProcessDescriptionAutomated AssessmentCDI Assessment
Passive Information GatheringDNS, publicly accessible services, Internet access points, IP address ranges.YES
Active Information GatheringIdentify other IP addresses beyond those reported. Search for other telephone, web, and email resources not reported. Social EngineeringYES
Network Topology AnalysisNetwork topology analysis: Integrating multiple sources into a high level architectural understanding.YES
Services & System IdentificationPort scanning techniques based on network topology to identify hosts, operation systems, and services.YESYES
Firewall & Router TestingEvaluation of firewall’s capacity to protect network perimeter and inference of configuration, ACL’s, etc.YES
Intrusion Detection System TestingIDS/IPS system(s) tested by inference and by use of information provided. Various alerts triggered in order to assess effectiveness and accuracy of the system.YES
Denial of Service (DOS) TestingTesting (typically w/o validation) of the server’s capacity to deflect overloading and DoS attacks.YESYES
Modem / Fax ProbingTesting of telephone-based access to network with focus on dial-in access to modems. Modems are queried for proper authentication/configuration.YESYES
Vulnerability TestingSearch engines and vulnerability databases are queried to locate vulnerabilities that affect services running on identified services.YESYES
Vulnerability ValidationReview “clean” and flagged services for false positive and false negative findings. Assign risk level to each.YES
Manual Service AnalysisIn-depth manual analysis of critical hosts and services revealing additional configuration vulnerabilities. Trusted IP address, sub-system analysis, location of vulnerability vectors thru app and protocol fuzzers. YES
Password Testing and AnalysisDictionary/brute force attacks, control analysis, lockout policy, default passwords, authentication protocols.YESYES
Log-in Page TestingSession/account management, login page input validation, cross-site scripting, buffer overflows, database command injection, error handling, access control, data cryptography, and remote administration.YES