The ASG team has extensive experience defending networks and information systems by securing deployed systems, conducting vulnerability assessments and penetration tests, responding to computer security incidents, and analyzing threats. ASG is on the cutting edge of threat assessments and IA (Information Assurance) trends and exposures through ongoing education and in-depth research and analysis of the latest security trends, tools, and threats. ASG analysts possess the appropriate skill set to help organizations find weaknesses before the hackers do and help keep your data safe.
On top of everything else, our engineers have no problem handling the secure design, implementation, and configuration of network and security devices. ASG’s secure network designs are based on Defense-in-Depth strategies that always exceed our customers' certification and accreditation requirements. ASG has been responsible for installing, configuring, monitoring, and auditing firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), and related security infrastructure throughout the Federal Government and large commercial organizations.
In network testing, ASG’s consultants assume the role of would-be hackers, with the team possessing minimal prior knowledge of your organization’s network or the systems to be tested. In full disclosure testing, more commonly known as white box testing, the ASG team is given complete information about your target systems, up to and including:
- The types of network devices and their configuration
- The operating systems deployed on servers and workstations, as well as their patch level
- The database and Web platforms deployed throughout the network
- Firewall models, along with configurations and detailed diagrams of network connectivity
Our testing method varies depending on the type of test (network vs. application, for example), but follows this general flow. It should be noted that the client is notified at the start and stop of any automated scanning or invasive penetration testing.
- We manually review the objectives of the test to ensure that we are familiar with the environment and know which tests we would like to run against it.
- We run automated vulnerability scans to provide broad coverage and insight into areas that may warrant further investigation. Frequently, we use multiple tools to ensure that what one tool misses another will find.
- We review the results of the automated scans and verify any adverse findings. At this time we also make note of any false positives.
- Based on the results of the automated vulnerability scans, we select certain systems (or parts of an application) to review manually for vulnerabilities. Some vulnerabilities are not easily caught by automated tools, so manual testing helps uncover them.
- Based on the results of the previous steps, we compile a list of vulnerabilities that we will attempt to exploit. Based on the customer’s preference (invasive vs. non-invasive), we may opt to skip certain tests.
- Finally, we compile the data we have collected up to this point and provide remediation recommendations for addressing the vulnerabilities uncovered.
- We incorporate multiple industry standards into our assessment methodology, including NIST 800, ISO 27002 and OSSTMM. The final report includes details about the activities performed as well as remediation recommendations designed to reduce your organization’s risk with regard to identified issues.