Infrastructure Assessment analyzes how your current infrastructure is performing and provides you with a fully customized report illustrating the comparative cost and performance metrics of updating your current storage environment.
Varutra’s vulnerability assessment methodology focuses on identifying, validating, prioritizing the vulnerabilities in the target system and providing realistic status. We carry out external and internal vulnerability assessment for a given network. Combination of open source and commercial tools are used along with major stress on manual verification and validation of each and every vulnerability to understand the vulnerability potential and risk involved in case the vulnerability gets exploited on client’s network and its business impact.
Vulnerabilities will be prioritized considering client’s business and reported with specific mitigation steps in the recommendations.
A comprehensive source code analysis involves a security expert with strong development experience and proven analytical capabilities examining the source code of your application to identify programming and logical errors.
The aim is to examine the source code of the application and identify vulnerabilities before the application is deployed. Varutra consultants understand the application business objectives, its design and the technologies used for its implementation. An application threat profile is created to identify critical code areas to concentrate on during the code analysis. A blend of open source and commercial code analysis tools will be used followed by manual verification approaches, combined with general and best practices of coding standards for the respective platforms. Our experts also recommend the cost-effective and practical remediation strategies specific to your organization in order to control/mitigate/prevent these defects.
It is critical to assess the network security to defend and protect the data against known/unknown attacks. Varutra penetration testing involves assessing the network to gain unauthorized access in the network as an external entity/hacker and/or as a malicious insider trying to elevate access privileges. As per the client’s need, black box, gray box or a combination of both approaches will be followed. No exploitation will be carried out before seeking client’s permission during the engagements. Proof of concept exploitation can be carried out on testing servers. Assessment reports will prioritize vulnerabilities listing with severity rating, business impact rating and detailed recommendations.
Varutra’s technical configuration audit process is highly customized to suit the organization’s network infrastructure. The audit process broadly consists of auditing the perimeter devices, network devices such as firewall, routers, switches, load balancers, IPS, IDS and Server Systems such as Domain Controllers, File Servers, FTP Servers, Email Servers, Proxy Servers, Antivirus Servers and Databases comprising network architecture.
For all In-scope Hosts, Varutra consultants will analyze various components of identified operating systems using automated tools and manual techniques to identify known vulnerabilities in categories such as:
- Security Patch Levels
- File Permissions / Registry Permissions (if applicable)
- File Systems
- Users / groups presents on the system
- Services running
- Network Configurations
- Event Logging
- Database Configurations
- Version specific vulnerabilities
Network Architecture Review
Varutra network architecture review is a process of thoroughly assessing the network component’s configurations with their placements in the network and network design. Our network security team will observe network from defense in depth strategy to withstand any network attacks. The audit objective is to assist in increasing the security posture of the network.
The Network Architecture Review encompasses following steps
- Understanding organization business and the network infrastructure
- Review network design and deployed network security solutions
- Device configuration audit
- Review organization’s security policy
- Analysis and Reporting
Wireless Security Testing
Wireless networks are an integral part of an organization’s network infrastructure but they are exposed to internal/external threats. Varutra’s wireless security audit methodology is a result of research, proven techniques, advance testing tools and rich experience of our security experts in this area to ensures the maximum coverage over all possible threats from various dimensions.
Several wireless deployments are accessible beyond the acceptable physical premises protecting the infrastructure, which presents unique threats. Attackers can target wireless access points with pre-defined and planned attack strategy. Wireless security assessment will help in detecting, locating and mitigating the risks posed by the current implementation of wireless network technology by taking a very pragmatic and systematic approach to assess & report the current security posture of wireless networks.
- Defining Testing Scope
- Detection of Wireless Access Points as well as Rogue Access Points (if any)
- War Driving
- Wireless Network Vulnerability Scanning
- Vulnerability Identification & Validation
- Wireless Device Configuration Review & Report