An External Review is an audit done remotely ("off-site")
from outside the firewalled environment.
This is done first as a blind and then as a knowledgeable penetration test
to determine the extent and risk (if any) of an external attack.
This audit is good for testing the configuration of a firewall
and the respective WWW, FTP, email and other network services.
This scan and simulated attack are done remotely over the Internet.
Preferably, this phase should be performed with limited disclosure
(blind to all but select management) as an unscheduled external
penetration assessment.
Penetration tests will be limited to probes
so as not to cause disruption of business (in any manner).
Optionally (a) this may include attack and evaluation of
modem dialup and physical security.
This is accomplished via methods such as "wardialing."
This procedure is used to scan and detect misconfigured dialups
and terminal servers as well as rogue and unauthorized desk modems.
Optionally (b) social engineering techniques can be
attempted during this audit.
Many experts consider social engineering to be the biggest
threat to the security of most organizations.
Optionally (c), if this audit is aimed at securing a WWW site,
source code audits of the CGI, Java, JavaScript, and ActiveX are
advisable.
Typically, this type of audit may take one to three days depending on
the site, network connectivity and complexity of services.
If WWW site source review is requested, more time will be required.