Information system vulnerability scanner
Vulnerability scanning service that identifies weak components and errors in system and application software configurations.
We perform scanning of information resources (server, DBMS, user workstations) using the RedCheck vulnerability scanner, OVALdb, and FSTEC databases of vulnerabilities, as well as using corresponding security configuration profiles of client information resources.
- Scanning of information systems for vulnerabilities
- Analysis of system configuration, including compliance to information security standards
- Vulnerability scanning
Analysis of information system for uninstalled critical security updates, weak password policy, and software configuration errors; control for vulnerable or unsupported software and violations of selected security policies.
We conduct the following types of audits:
- Vulnerability audit
- Audit in pentest mode
- Audit of networking hardware configuration
- Audit of virtualization environment configuration
- Audit of DBMS, application servers
- ACS security audit
We search for vulnerabilities using the open repository signature database OVALdb. The signature database is updated and synchronized with the NVD (National Vulnerability Database) daily.
Information system vulnerability analysis is performed using automated scanners and the largest CVE databases.
A black box security audit is carried out with mini-knowledge of the IS and no user privileges. In the process of auditing, the parameters of the scanned server, OPs, ports, protocols, availability of services are determined. Based on various features, versions of installed software and vulnerabilities for the scanned host are determined using the OVALdb database.
Audit of virtualization environment configuration
We perform a comprehensive security assessment of virtualization platforms, including:
- Auditing of virtualization and management server configuration
- Vulnerability and critical updates detection
- Verification of configuration compliance with vendor recommendations and Security Hardening
- Application Server Auditing
In modern systems, application servers have a huge number of parameters and settings that impact application security. To effectively control the secure configuration of the server we offer to use the security configuration profiles of application servers such as Apache, NGINX, Microsoft IIS, Microsoft .NET Framework.
This will reduce the requirements for the number of staff and system administrator skills and reduce the impact of human factors on Information System security.
The following application server configuration profiles are available:
- Apache web server, nginx
- Apache Tomcat application server
- IIS and .NET web server
- Linux services
- Remote Acces Checklist
Almost in any information system, DBMS contains the most sensitive information, so it is important to ensure timely control of security settings, vulnerabilities, and critical updates.
Within the framework of the DBMS vulnerability audit service, we provide scanning with configuration profiles on SCAP format and for compliance to vendors' recommendations.
Key stages of service delivery:
Configuration monitoring and security policy compliance assessment
Scanning of information systems for compliance with security standards, creation of configuration profiles, and monitoring of server configuration for compliance with the selected security profile. These activities can be used for the certification of informatization objects.
The list of configurations for scanning includes more than 1000 programs such as MS Windows, Linux, MS SQL, Oracle Database, MySQL, PostgreSQL; virtualization tools HyperV, VMware, Xen, application servers u Web-servers. Security configurations are included in the basic version of the scan.
- Configurations are monitored for compliance with vendor recommendations and "best practices".
- Ability to customize profiles and settings for the customer
- Uploading profiles and settings in SCAP format
- The result is a policy compliance report and recommendations for configuring and fixing inconsistencies.
Scanning uses one of the largest repositories of security content, OVALdb, which contains configuration parameters, security updates, and criteria for criticality and vulnerability definitions with descriptions and recommendations for fixes. We also use CVE vulnerability databases and FSTEC database of vulnerabilities.
Repository content description is based on SCAP languages, and OVAL (Open Vulnerability and Assessment Language) is used to describe vulnerabilities. Repository content is synchronized with international security content banks such as CIS, MITRE, NIST, and others. OVALdb has "OVAL Adopter", "CVE Compatible" and "joval Compatible" statuses.