Netstetix | Wednesday, 20 August 2008
Security Audits
EXECUTIVE OVERVIEW:
• To inspect and ensure there are no vulnerabilities in our clients' networks

 

OVERVIEW:
“Many small organizations lack a dedicated information security
professional. This practice should be avoided. As you can see, an
effective security program requires constant care and feeding. A
dedicated information security professional will reduce the high cost
associated with unmanaged risk.” SANS

Netstetix is ready to provide you with the information you need to protect your network resources - from both internal and external threats.
The purpose of auditing is to inform management of the actual state of affairs. This can serve either as a check on the effectiveness of the IT staff or as a "sanity check" of requested or planned projects.
Where most audit reports flood you and your system administrators with more information than can be readily addressed, Netstetix will provide prioritized reports to address the highest priority vulnerabilities first.
All vulnerability audit reports follow the SANS/FBI (NIPC) Top 20 vulnerabilities list as specified by the joint recommendations of the SANS Institute and the FBI's National Infrastructure Protection Center.
Netstetix will then make or prescribe the necessary changes, at your option, and prescribe the purchase of additional hardware or software as required. If requested, Netstetix will install and configure those items for seamless operation within your environment.
Note: All auditing activities will require verifiable, written permission and/or proof of ownership for the target organization, and a formal signed contract. This is required to protect both the audit's target and Netstetix.
Auditing consists of many types of testing. Not all auditing is appropriate, or desired, for all networks. Because of this, and individual client requirements, each auditing project is individually proposed and bid. The pricing is affected by the number of hosts to audit, the types of tests to be performed, and the number of repetitions desired (to validate changes).
The different types of testing available are broken out here to illustrate the options available.

This test focuses on:
• server penetration testing
• router penetration testing
• firewall penetration testing
• operating system installation and maintenance.
The penetration test may be performed with no disclosure or full disclosure of the environment in question.
The engagement would start with publicly accessible information about the client, followed by network enumeration.
Network enumeration allows Pure Hacking to target hosts and specific network security attacks. Pure Hacking would then assess the open ports, services and specific security vulnerabilities, and use that information to gain a toehold into the environment. After a toehold is established, escalation of privilege occurs until the external environment is controlled.

What do you get at the end of the engagement?
A sample report is available here. Depending on the scope of work, a typical report would include any or all of these components (reference: OSSTMM):
Network Security
• Network Surveying
• Port Scanning
• System Identification
• Services Identification
• Vulnerability Research & Verification
• Application Testing & Code Review
• Router Testing
• Firewall Testing
• Intrusion Detection System Testing
• Trusted Systems Testing
• Password Cracking
• Denial of Service Testing
• Containment Measures Testing

Social Engineering
• Request Testing
• Guided Suggestion Testing
• Trust Testing

Wireless Security
• Wireless Networks Testing
• Cordless Communications Testing
• Privacy Review
• Infrared Systems Testing

Communications Security
• PBX Testing
• Voicemail Testing
• FAX Review
• Modem Testing

Physical Security
• Access Controls Testing
• Perimeter Review
• Monitoring Review
• Alarm Response Testing
• Location Review
• Environment Review


Why NETSTETIX
• The only dedicated Penetration Testing company, with a history of industry leadership in Internet Security designed to keep your mission-critical systems safe.
• The discovery of real risks and solutions independent of any vendor
• Skills transfer for your staff as Pure Hacking will divulge all intellectual property and tools when Pure Hacking operates with you.
• A worldwide operation, so regardless of the size or location of your network, Pure Hacking will service your need.
• A flexible company that will work within your operational parameters.
At Netstetix, an external network security attack is the most common request from our clients. Every day of the week we are performing these engagements and as such, our skill set is efficient and effective. As we are performing penetration tests on a daily basis, we are the industry experts.
We are so confident with the service we offer, we guarantee our work to our client’s level of satisfaction and keep continual contact at their requests. Our clients continue to use us because we are trustworthy, knowledgeable and exceptional value.


FEATURES:

• Network Discovery - This simple audit provides you with a complete inventory of all identifiable systems on your network. This can be performed from inside or outside your network according to need.
• Patch Audits - This series of tests identifies specific vulnerabilities (many in the SANS/FBI Top 20 list) that exist because of failure to keep all affected systems up to date. It does not address configuration errors, sample files, inappropriate/unauthorized applications or any other user-configurable settings or software.
• SANS/FBI Top 20 Audit - Gives you the information needed to address the most critical vulnerabilities, as determined by an international consortium of security experts and analysts - Recommended for all systems, but especially for those facing the Internet.
• Name Server (DNS) Audit - A name server that is not correctly configured can cause all of your other services to be unavailable. If it is allowing queries from unauthorized sources, then outside attackers can gain threatening insight into the structure and nature of your network. Netstetix will analyze and report on those aspects of your Name services that threaten proper operation or present avoidable risks.
• Port Scan Audit - A port scan audit consists of two separate parts. 1) Checking all systems in the audit target(s) to see what systems are offering what "services" (intended or not); and 2) Tracking down the actual "service", should it turn out to be unwanted by management.
• Penetration Testing Audit - A penetration test is a formal, planned "attack" on your network, with the objective of finding the vulnerabilities on any of your systems that can be exploited to gain entry to, or compromise any of your systems. This audit emphasizes the combination of many different types of test results with known techniques to obtain access.
• Complete Vulnerability Audit - An expansion of the Top 20 Audit which tests more exhaustively, searching out as many vulnerabilities as can be identified, using several specialized tools.
• Complete IT Audit - This encompasses the technical aspects mentioned above, and includes interviews with your management and staff to identify practices, policies, procedures, expectations, inconsistencies and other behavioral issues, which can affect the operation of IT Departments and Operations.
• Ethical Hackers - Hackers who have studied and have a proven record of success attack your network, but they are ethical and do not cause damage; they only prove that it can be done and show the methods.


BENEFITS:
• Ensure businesses are secure and not vulnerable to attacks.
• Gives our clients' business partners more confidence in their security.
• Netstetix not only diagnoses the problem but will also work with the client to prevent it (if needed), or the client can have a consultant implement the suggestions.
