Hoyt Corp

On-site Expectation:

• Install Internal Network Scan Appliance for network fingerprinting and reporting capability.
• Install Windows Appliance operating in Promiscuous mode.
• Install Additional Data Taps (Hard + Soft) with SQL Engines.
• Verifying VPN infrastructure security assumptions.
• Evaluating the efficacy of system event logging.
• Exercising logical and perimeter defense systems.
• Evaluating wireless network exposure (802.11a/b/g and BlueTooth).
• Testing remote access systems including dial-up.
• Reviewing password stength policies.
• Employing social engineering attacks.
• Validating security of VoIP, telecommunication, and backup systems.
• We will poll all provided sources in your network which typically are the rate elements listed on this page.

Penetration Testing

• Proprietary testing.
• Active attempts to retrieve corporate email, phone calls, instant messages, account lists, passwords, accounting records, intellectual property.
• Firewall/IDS/IPS evasion and exploitation.
• Remote access compromise (VPN, PBX, war dialing).
• Client-side exploitation.
• Identifying ingress or attack points
• Attacking, modifying, and hijacking client/server interactions
• Phishing attacks and social engineering.
• Untrusted media insertion, (USB dongle/CD attack).
• Wireless key cracking (WPA, LEAP, WEP).
• Reviewing the organization's internal controls, infrastructure, protective boundaries, and external factors.
• Risk Assessment Gap Analysis
• Corporate Footprint and Fingerprint - Physical and Digital

Data Collection

We utilize Open Source Exploit Tools from Metasploit, NMAP and other freely available network discovery tools.

Data collection is the first stage in implementing an FMS. Obtaining rich, diverse information from multiple layers is a key factor for the success of an FMS in the IP and next-generation networks environment.

Various probes, IP mediation, and billing mediation products can assist in the collection of this information.

Application-Level Usage Records

Application-level usage records describe the service provided to the customer. Typically, these records will also be used for billing, since they provide all the necessary details in regard to the service used.

These billing records are typically collected from the servers providing the specific service, such as telephony services, video services, and so on.

Application-level records may be provided by the following:

• VoIP: Media Gateway Controllers
• (MGCP, H.248), gatekeepers (H.323)
• Broadcast servers: music on demand, video servers
• Voice switches and SS7 Gataways
• Meet-Point Billing & CDR Records
• E-mail servers, Web/WAP servers
• AAA and RADIUS Systems
• Authentication Services

Engagement & Reporting Process

The client engagement begins with your contacting us Click to Contact via 888-775-4225 for a data collection and reporting analysis engagement. The inital data tap can take a few hours at a minimum and grow exponentially with complexity with SS7, PSTN and IP convergence. A report is issued within the scope of the engagement 10 calendar days after completion of data analysis.

Triggered Content Events

Triggered content events are generated by probes, which inspect the payload carried over the network. These probes can search for text of known "exploit" scripts (used for hacking).

Triggered content events are being used today for intrusion detection systems but can also be useful for detecting elusive fraud scams.

Login and Authentication Level

A typical NGN includes various login, authentication, authorization, and security mechanisms. These mechanisms are referred to as "login and authentication layer" and may provide vital information to a fraud analysis system.

Information provided by the login and authentication may be provided by the following elements:

• SS7 and PSTN Trunk Group CDR
• Radius and LDAP servers
• Remote Access Server (RAS)
• Virtual Private Network (VPN) gateways
• DHCP servers
• DNS servers
• Firewalls

Network-Level Information

Network-level information describes the traffic and the flows at the IP layer. This layer typically characterizes bandwidth and resource consumption.

Network elements that provide this information include the following:

• Routers and switches
• Cisco Netflow
• SNMP/RMON I + II
• Address translation (NAT)

Access Level

Access networks are used as the technology that connects the customer for the "last mile." Common technologies include cables, wireless, DSL, and dialup.

This layer holds the information about the user location. It is also aware of the hardware and Layer-2 addresses of the user terminal, such as IMSI, serial numbers, MAC address, and more.

Statistics collected by the access network are typically not affected when circumventing with the IP layer and therefore prove to be very useful for detecting irregular events.

Access-level information may be collected from the following elements:

• RAS / CMTS / DSLM
• IMAP / LMDS / WLL base stations

Review of Current Issues

As published by:

• OWASP
• WASC
• CWE
• CAPEC
• FIRST
• FDCC
• Windows Server 2008 Security Guide
• SANS Top 20
• FIMSA Compliance

Prior Link - UTM Consulting

Next Link - Legal, Compliance & Reporting