VCHECK – the comprehensive service package that includes all information security services provided by VSEC, will provide comprehensive support for your system.

 

Service Pack Process:

1. Identify target

Based on the agreement between the parties, VSEC will plan the implementation and identification of the item Targeted review as listed in Scope.

2. Collect information

After identifying the target, we conduct the search, gathering all the information involve

3. Assess the target

This step will actually go hand in hand with the step above. Corresponds to each information

Collected from the target, we present the potential risk associated with each of them.

Our goal is to use a combination of tools: Nessus, Core Impact, NeXpose ….

4. Rate the risk of vulnerability

After listing the vulnerabilities we proceeded to classify the danger level to align Prioritize for verification. Vulnerabilities usually fall into three broad categories:

Category Description

High

Risks may result in unauthorized access to the system, application, or information. For example, buffer overflows, weak passwords or no passwords, etc.

Medium

Risks may indirectly result in system compromise, data leakage, or unauthorized access. For example, systems, applications that receive denial of service attacks, or network devices are exposed.

Low

These risks include conditions that do not lead to leaked information immediately or indirectly including system and application but will provide information that can be used in conjunction with other information to find out how. Include or access unauthorized access to a network, system, application or information.

5. Penetration Testing and Verification of vulnerabilities

Based on the classification list, we proceed to verify the vulnerabilities level from High to Low. This step is aimed at pinpointing exactly which vulnerabilities are actually responsible for the customer’s risk of losing information. The verification is based on the agreement of the two parties to avoid affecting the customer system.

The process of verification depends on the experience of the engineers, and the support

Support of tools: Core Impact, metasploit ….

6. Recommendations

At this stage, we have fully assembled the vulnerabilities and verified evidence of the review. As a result, we build a complete report that will make recommendations for customers to address these vulnerabilities and to plan and maintain them as well as additional solutions to improve the security of the target. The vulnerabilities are coded according to widely accepted international standards

The report is divided into two levels:

– Synthesis report: Includes high level instructions for the leader, support decision making quickly.

– Detailed technical report: Include steps taken, evidence found service for technicians.

Depending on your needs and the size of your business, you can choose one of the following specialized, customized products and services:

Application security assessment

Network assessment

User security assessment

Other services

VSEC knows your pain and is here to help!