Clearnetwork offers a comprehensive suite of services customized to meet your security needs.
Internal and External Penetration Testing
This testing protocol validates the risks associated with internal and external vulnerabilities exposed during security assessment scanning. By exploiting discovered vulnerabilities, we can demonstrate the potential outcome of a hacker attack. We attempt to achieve domain administrator status, uncovering unprotected databases and applications, improperly structured privileges, data leakage issues, rogue and hostile applications, improperly patched systems, missing and poor passwords, unprotected network devices and more. After our penetration testing is complete, we make appropriate recommendations to further secure the environment.
Internal and External Vulnerability Assessments
Also known as security assessment scanning, this type of testing identifies systems and network configurations that could expose the customer to a breach of the network and critical systems. Systems are scanned for improper configurations; missing security software patches; unnecessary services and protocols; and vulnerabilities related to clear text protocols, coding and/or applications. Then recommendations to securing the environment are provided.
Internal and External Application Testing
This testing determines if unauthorized access to applications data, and/or network can be achieved. The scope of the project can vary greatly, depending upon the desired level of information. Web applications are probed, and testing identifies vulnerabilities such as coding flaws, buffer overflows, cross site scripting, SQL injection, broken access control and
authentication, improper error handling, insecure storage and insecure configuration management. Recommendations for securing the environment are provided.
Wireless Security Penetration Testing (War Driving)
This assessment involves physically scanning the perimeter of a facility using a wireless scanner. The wireless scanner probes the general vicinity
for any emitted Wireless Access Point (WAP) signals that are in the area. Each responding signal is documented for ownership, whether or not it
is a known corporate resource, and whether or not it is secured with encryption.
Firewall Configuration Review
In this review, we will evaluate the configuration and firewall policy with the goal of providing suggestions and best practices. This service examines considerations such as security concerns based on improper configuration and management, issues relating to the hosts the firewall is protecting, and issues relating to the services those hosts must offer through the firewall. Firewall review findings will be documented to include recommendations.
Social engineering is a process in which access is gained to a network via people, process and technology—often using physical means. Companies may be exposed to potential social engineering threats daily—in the form of individuals posing as copier repair technicians, auditors from consulting firms, new employees, heating and ventilation technicians, food delivery personnel and more. Other avenues for attack include infected hardware or email phishing. We demonstrate these dangers and deliver recommendations to decrease overall risks
Network Security Architecture Examination
This protocol inspects the topology of
customer-deployed security devices
within their network. Devices such as
firewalls, security appliances, routers,
switches and VPN aggregators are
examined for proper placement, utilization and network
security hardness. Recommendations are provided on how
to expand the security posture of the present infrastructure.
Wireless Security Architecture Review
This review examines the security aspects of the wireless topology and
design—with the goal of determining the best possible security posture. Wireless components such as controllers, access points, client workstations and mobile device settings are reviewed to ensure proper security measures have been implemented. And wireless technology is reviewed for best use of security features and capabilities. Recommendations for securing the environment—and applying new technologies and capabilities to enhance security—are documented and included.
Can you come on site?
Yes! We have experts that can come on site and perform a wide variety of tasks such as penetration testing, audits, compliance consulting and more!
Do you offer compliance consulting?
Yes, we have expertise with PCI-DSS, HIPAA, SOX, NIST, GLBA, NERC-CIP and many others!
How many years have you been doing security?
Clearnetwork has been in business since 1996 and security focused since 2002. We are not new to security!