A four-phased approach to review the security posture of the internal & external network environment of an organization
FOCAL POINT adopts a four-phased approach to review the security posture of the internal & external network environment of an organization. In the first phase FOCAL POINT emulates an intruder and performs targeted manual testing against critical servers within the scope of the engagement. This step is followed by automated scanning against the identified servers to develop an inventory of the live hosts within the approved IP address target area. Next, manual and automated techniques are used to compile a comprehensive list of vulnerabilities affecting the systems. Finally, FOCAL POINT will execute selected exploits in those cases where the client wants to verify that it can be successfully performed in the environment.
The goal of this effort is to determine what information an intruder can access with no privileges on the internal network. This zero-knowledge test requires only a live network connection and physical access provided by the client. If requested, FOCAL POINT will also test the network for vulnerabilities using normal domain user privileges.
The internal & external network assessment consisted of the following phases: