Internet Security Testing
Any device with access to the Internet is a potential open door to would-be hackers. RISS provides vulnerability assessments during which it closely maps the network architecture, examines all open ports, hosts and services with access to the Web, and ensures that these network devices are secure. Defensive thinking gathers information such as domain names, IP network ranges, operating system and applications, to identify systems on the network, how they are related, the services that are exposed through open ports (such as http, SMTP, terminal services, etc.). Once open ports and attached services are identified, RISS determines whether each service has been updated with the most recent patches and identifies other vulnerabilities located within the exposed services.
In addition to conducting vulnerability assessments, RISS performs more rigorous penetration tests in which the information gathered from its assessment is used to attempt to penetrate the network. This more thorough procedure can confirm whether potential vulnerabilities are, in fact, capable of being exploited to expose the network.
Following all vulnerability assessments and penetration tests, RISS uses the information it gathers to prepare a thorough vulnerability analysis and offers recommendations for strengthening network security.

Intranet Security Testing
While outside threats must be guarded against, business must also protect against potential threats from within their own networks. Using many of the same techniques and procedures for Internet Security Testing, RISS provides Intranet risk assessment and analysis to protect against the potential threat posed by insiders.
Depending on the client’s needs, intranet testing can be performed by RISS under varying degrees of disclosure of network information from the client, for example with or without network accounts.

Dial-in RAS Security Testing
Dial-in links pose a potential threat to the integrity of the network security system. RISS examines dial-up connections that allow employees to access the network through public telephone lines or other dial-up connections. Given a range of telephone exchanges that may include modems, RISS can identify target numbers that allow for remote access. Using these numbers, RISS attempts to exploit vulnerabilities in the system and gain access to the network. RISS can also assess risks posed by the exposure of dial-up connections to the public telephone network which might undermine the client’s own internal security architecture.

Web Application Assessment
This assessment examines what services are being offered on Web-based portals and e-commerce applications to examine potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns. RISS can test these applications using either zero-knowledge testing or full-access testing to examine the full range of potential vulnerabilities. RISS also conducts source code audits to identify any potential vulnerability among the applications and scripts that are accessible through the Web.

Wireless Assessment
Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network. RISS evaluates how to prevent wireless communications from being exposed to eavesdropping and access by unauthorized intruders. Additionally, RISS examines the enterprise infrastructure for unencrypted or standard WEP enabled access points that may be vulnerable in order to ensure the security of the network.

Social Engineering Assessments
Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. RISS is the premier consulting firm in its ability to identify weak links in the security chain through exploitation of human vulnerabilities.
Once individual or systemic weaknesses are identified, RISS recommends procedures designed to ensure that employees do not divulge information that could compromise company assets. The social engineering assessment not only uses tactics intended to gain confidential information, but also to induce unsuspecting employees to create vulnerabilities that can subsequently be exploited to gain access to confidential information.

Telecommunications Assessment
RISS has unique experience testing vulnerabilities in private bank exchanges that operate company voicemail and messaging systems. Unauthorized access to these systems can allow an intruder to eavesdrop on and manipulate employee voicemail messages, initiate outgoing calls from internal company lines, and access corporate telephone networks and directories.

Database Assessment
Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. RISS tests database integrity to determine whether any vulnerability may compromise this sensitive information.

Physical Security Testing
Access to confidential information can often be obtained by simply gaining physical access to company premises. RISS conducts on-site surveillance to assess physical security and uses social engineering, pass key duplication, and other techniques designed to gain physical entry into secure areas and the network system.

Forensics
In addition to preventing future attacks, RISS can conduct forensic analysis to evaluate past security breaches. This analysis examines log reports, compares backups to identify modifications to the network, and investigates the introduction of foreign software tools to help identify intruders, determine the extent to which the network has