A Network Security Assessment (NSA) is an psuedo hack attempt / penetration test of a network node(s) via the Internet. This test uses all the techniques that hackers use to try to abuse your network.

Description
A NSA utilizes a number of combined tests to scope each IP address for known services and then scopes these services for known flaws and common mis-configurations. Our NSA looks at the entire scope of TCP/IP services running on nodes. It also tests for common Denial of Service techniques, password flaws as well as confusion attacks that can halt your services. Currently our NSA utilizes over 1500+ security checks and is not driven by a 'bot' but an experienced security team with years of experience securing networks. In addition, we implement the latest discovered flaws as they are publicly announced (before if we find them first!) to give you the cutting edge of security assessments.

What Is Tested
The test can be directed to firewalls but more commonly toward network nodes protected by firewalls. A firewall allows only approved traffic to pass through it to internal nodes. A common misconception is that this protects your internal nodes completely. Indeed, by only allowing approved traffic to pass through limits your security liability, but there are many attacks that can use these open traffic paths to penetrate and attack a network. Take Code Red as an example, it attacked port 80 amongst others. Any public web server behind your firewall has to allow this traffic to pass and so would be vulnerable to this attack. A NSA will tell you what, if and how the allowed traffic is a security risk.

How It Works
You supply us with the IP address(es) of the node(s) you would like scanned. If they are external we will undertake the test remotely. Should you want your internal nodes scanned we will come onsite and camp out on a network connection for a while. We will then undertake any remote NSA at somepoint unknown to you during a 7 day (or more for larger scans) window you allow to us. This could take place at any time of the day or night and without warning. Internal nodes will require us to visit your site and connect to your network to complete the scans. The information will then be analyzed and investigated and a report with recommendations drawn up for you.

Banking, Financial & Medical Institutions
This test can help ensure your compliance with the Gramm-Leach Bliley (GLB) Act, also known as the new Privacy Law. The reports can be submitted to FDIC & OCC auditors.