|
Level |
Service |
Description |
Network |
Servers and
Workstations |
|
1 |
Discovery |
Scans Internal and
External Networks to identify connected devices |
Lists active MAC
and IP addresses. |
Lists external
services on each active system |
|
2 |
Vulnerability |
Probes systems for
known vulnerabilities |
Documents network
configuration risks |
Details systems
with un-patched or high risk configurations |
|
3 |
Penetration |
Actively attempt
to compromise systems and obtain data |
Reports accessible
networks |
Reports successes
and information obtained |
|
4 |
Benchmark |
Benchmarks traffic
flow |
Reports
communications entering and leaving the network |
Reports system to
system communications |
|
5 |
Intrusion
Detection |
Analyzes logs for
attempted break-ins |
Provides
recommended block list and analysis report |
Highlights
potential internal intrusion attempts |
|
6 |
Configuration
Management |
Evaluates System
Configuration management |
Summarizes
configuration management controls |
Lists systems with
poor security policies and unauthorized software |
|
7 |
Web Application
Testing |
In-depth testing
of Web based applications for security flaws |
|
Reports security
defects within the application |
|
8 |
Physical |
Inspect physical
security of systems and data |
Illustrates
vulnerable physical access points |
Documents physical
access to servers/data |
|
9 |
Disaster Recovery |
Evaluate COOP/CP
plan |
Plan backup
communication services |
Evaluate Backup
and Recovery processes |
|
10 |
Knowledge Transfer |
Train staff to
maintain security services |
|
|
