Security Technical Overview
We are web security experts and can provide you with an extensive audit of your systems:
- Penetration Testing - practical evaluation of site security from the perspective of an attacker.
- Network and System Security Auditing - theoretical evaluation of site security focused on defense.
- Source Code Auditing - checking for security problems in C, Perl, or PHP code.
- Security Policy Compliance - verifying compliance with a published Security Policy.
Strategic Profits Inc. uses a variety of open-source and proprietary tools
to scan the targeted network and identify the accessible resources that
could be exploited. Besides testing for installed software that could be
exploited, we also identify the operating systems being used on each
accessible machine and the potential exploits possible through the OS.
Some of the tools we use include:
NMAP
nmap is a utility for port scanning large networks, although it works fine
for single hosts. The guiding philosophy for the creation of nmap was
TMTOWTDI (There's More Than One Way To Do It). Sometimes you need speed,
other times you may need stealth. In some cases, bypassing firewalls may be
required. Not to mention the fact that you may want to scan different
protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one
scanning mode. Thus nmap incorporates virtually every scanning technique
known.
NBTscan
NBTscan is a program for scanning IP networks for NetBIOS name information.
It sends a NetBIOS status query to each address in the supplied range and
lists the received information in human-readable form. For each host that
responds, it lists the IP address, NetBIOS computer name, logged-in user
name and MAC address.
XProbe
Xprobe is an Active OS fingerprinting tool based on Ofir Arkin's ICMP Usage
In Scanning Research project. Xprobe is an alternative to some tools which
are heavily dependent upon the usage of the TCP protocol for remote active
operating system fingerprinting.
This is especially true when trying to identify some Microsoft-based
operating systems when TCP is the protocol used in the fingerprinting
process. Because the TCP implementations in Microsoft Windows 2000 (and
Microsoft Windows XP) and Microsoft Windows ME, and in Microsoft Windows
NT 4 and Microsoft Windows 98/98SE, are so close, remote active operating
system fingerprinting over TCP is usually unable to differentiate between
these Microsoft-based operating system groups. And this is only an example...
At no time do any of the tools we use modify the targeted systems or
"stress-test" them with Denial of Service (DoS) attacks. The scans of the
network are purely passive.
After scanning the network and evaluating its exploitability we produce a
report in ASCII text, Microsoft Word or Adobe Acrobat (PDF) format as per
the client's needs. The report details the scans performed and the
potential exploits possible. In the appendices to the document, the fixes
for each vulnerability are described in detail.
A complete dump of all of the scans performed and the information collected
is available to the client in ASCII format. It may be compressed at the
client's request.
If you would like more information or require a quote, please fill out the contact information form.
All Security Audits are quoted at $300/hour.