NETWORK SECURITY SERVICES
EAM Solutions Group security assessment VET-Cyber methodology is based on a staged approach which allows for a controlled progression of the engagement in the respective phases defined below:
Project Initiation and Pre-Planning – During this phase, EAM Solutions Group further develops and refines the engagement objectives and articulated our understanding of the engagement. Prior to beginning work, EAM Solutions Group discusses all final parameters with client defined representatives to firm up any scope changes, new objectives, and final success criteria’s.
External/Internal Network and Host Discovery – EAM Solutions Group will attempt to identify remote devices and services available on the target networks (Servers, Aps, VOIP, Appliances, Laptops, etc.) This phase consist of scanning and reconnaissance activities and does not include any offensive actions such as attempts to exploit vulnerabilities. Note: Accuracy of the enumeration data, such as OS/Device identification details, may not be entirely accurate when dealing with certain types of firewalls, intrusion prevention systems (IPS), load balancers, or network service proxies. Discovery activities involved the following:
Reconnaissance – Performing “passive” network and information gathering, including DNS enumeration, IP and domain whois lookups, Internet lookups, and manual website reviews. Typically, this phase is performed to build or validate a target IP address list and check for sensitive information leakage that could be used to aid in an attack.
Fingerprinting & Enumeration – Performing “active” port-scanning, service port / protocol enumeration, and OS / device identification. The goal of this phase is to build a detailed network and system asset map.
External/Internal Vulnerability Assessment – EAM Solutions Group VET-Cyber teasms will perform a vulnerability scan of the known and active devices identified during the Discovery phase. The goal of this phase is to determine which systems were vulnerable in a more comprehensive way. VET-Cyber utilizes a variety of proprietary, commercial, and open source tools, as well as manual testing techniques, enabling a more accurate analysis of the Company’s environment. Attempts are then made to validate any discovered vulnerabilities, helping to distinguish from any reported false-positives. Note: Accuracy of the vulnerability data may be affected when dealing with certain types of firewalls, network segmentation policies, network/host-based intrusion prevention systems (IPS), and web application firewalls (WAF). This phase involved the following activities:
Vulnerability Identification – Performing vulnerability scanning of each target IP address and website hostname using a variety of tools depending on the target host type. Vulnerabilities were also identified passively by manually reviewing the data from the previous Discovery phases and researching relevant vulnerabilities online.
Vulnerability Analysis – Performing detailed analysis of each vulnerability finding generated from different tools or manually researching them and consolidating the results into a reporting framework. Many of the findings are manually validated, false positives are removed, and risk and vulnerability severity scores are calculated. Finally, all vulnerabilities are categorized and summarized for the final report
Note: The process for Internal and External vulnerability assessments are the same. For internal vulnerability test EAM Solutions Group will supply a security appliance that connects directly to the customers core network.
External/Internal Network Penetration Testing – EAM Solutions Group VET-Cyber teams will perform a network penetration test of a client’s Internet facing (external) systems, as well as all internal systems. The assessment team identifies the Company’s Internet footprint with only limited information provided by the Company. Additionally, to test the Company’s security monitoring and incident response, only a select few Company employees are made aware of the penetration test. VET-Cyber uses both proprietary and widely available tools and exploits, as well as manual testing techniques to perform the tests. Penetration testing involves the following activities:
Attack Vector Selection – Researching vulnerability data and existing exploit repositories in order to determine which vulnerabilities to exploit and which targets to attack. Additional attack planning, exploit testing, tool(s) customization, and payload development is typically performed in this phase.
Exploitation – Performing exploitation of vulnerabilities and other hacking attempts including: network service exploitation, brute-forcing logins, password cracking, man-in-the-middle attacks, etc. Note: Attack techniques depend on the scope of engagement and if targets are approved for testing.
Post-Exploitation – Gaining administrative access to targeted systems via privilege escalation; maintaining access via deploying safe backdoor payloads; pivoting attacks to other systems or networks; additional target discovery and network enumeration; and acquiring domain level access. Note: Typically, this phase involves repeated returns to target discovery and exploitation phases when introduced to new systems following initial compromise of a system.
Acquire Trophies – Identifying and attacking systems likely containing approved trophies defined in the engagement scope. Each compromised system is checked for sensitive information and evidence is gathered. In many cases, a trophy may not be officially specified or just gaining domain / enterprise admin access may be sufficient.
Note: For internal penetration test EAM Solutions Group will supply a security appliance that connects directly to the customers core network.
Once an engagement is concluded, EAM Solutions Group will provide several types of reports and recommendations to our client’s based on the level assessment. The two reports are a detailed report and executive summary report.
From the detailed technical report, VET-Cyber teams will create an Executive Summary report for the non-technical audience. This report gives a high-level overview of the methodology used and includes numerous summaries and graphical representations describing the findings. This allows quick and easy access to the assessment results at any time. The summary report does not include remediation instructions, nor does it include any raw scan results.
Findings Meeting and Project Closure
After the completion of all testing, EAM Solutions Group VET-Cyber will conduct a findings meeting to present the findings and explain in detail to the customer. Senior management personnel will have the ability to ask any questions and make requests for changes to the final report, such as clarifying a finding or presenting the information in a slightly different way.
*Active Directory Assessments
*Pre Aduit Services & Scans