Our Services


Internal Penetration Testing

IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organization to conduct independent testing of the Information Security Program, to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI). The internal network (file servers, workstations, etc.) of the organization is exposed to threats such as external intruders breaching perimeter defenses or malicious insiders attempting to access or damage sensitive information or IT resources. In a 12-month period alone, over 100 million personal records have been compromised due to security breaches. Almost 1/3 of these breaches were the result of hackers.

Best Practices recommend that each organization perform an Internal Penetration Test in addition to regular Security Assessments in order to ensure the security of their internal network. An Internal Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed. An Internal Penetration Test mimics the actions of an actual attacker exploiting weaknesses in network security without the usual dangers. This test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the organization to address each weakness. Robrige Network Security can perform this testing either onsite or remotely.

Robrige Network Security's Internal Penetration Test follows a documented Best Practices security testing methodology, including:

Internal Network Scanning
Port Scanning
System Fingerprinting
Services Probing
Exploit Research
Manual Vulnerability Testing and Verification
Limited Application Layer Testing
Firewall and ACL Testing
Administrator Privileges Strength Testing
Password Aging and Strength Testing
Network Equipment Security Controls Testing
Internal Network Scan for Known Trojan/Hacker Ports
Third-Party/Vendor Security Configuration Testing
Hardened Server/Device Configuration Testing
Remediation Retest

External Penetration Testing

IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organization to conduct independent testing of the Information Security Program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI). The Internet-facing component (website, email servers, etc.) of the organization's network is constantly exposed to threats from hackers. In a 12-month period alone, over 100 million personal records have been compromised due to security breaches. Almost 1/3 of these breaches were the result of hackers.

Best Practices state that each organization should perform an External Penetration Test in addition to regular security assessments in order to ensure the security of their external network. An External Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed to the outside world. An External Penetration Test mimics the actions of an actual attacker exploiting weaknesses in the network security without the usual dangers. This test examines external IT systems for any weakness that could be used by an external attacker to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the organization to address each weakness.

Robrige Network Security's External Penetration Test follows a documented Best Practices security testing methodology, which includes:

External Network Scanning
Port Scanning
System Fingerprinting
Services Probing
Exploit Research
Manual Vulnerability Testing and Verification
Firewall and ACL Testing
Intrusion Detection/Prevention System Testing
Password Aging and Strength Testing
External Network Scan for Known Trojan/Hacker Ports

Ethical Hacker Solutions

SAFE
Our consultants' superior technical expertise detects any weakness without harming your network.

COMPREHENSIVE
Powerful technology and intuitive manual techniques provide a complete assessment of external threats.

REALISTIC
Conducted by certified "ethical" attackers ensuring the methodology of "malicious" attackers has been tested.


Social Engineering Testing

Your employees – they are one of your organization's greatest assets. Developing them through training and career advancement plays a pivotal role in your organization's success.

At Robrige, we have designed a Social Engineering Test to help you assess the ability of your employees to identify and avoid potential lapses in security through unintentional communication of sensitive data. Uncover the likelihood of inadvertent disclosure of confidential information such as user names and passwords.

Help avoid future system access from an external attacker by identifying human lapses in judgment.

Test employee reactions to requests for sensitive information from…
- Authentic looking emails
- Authoritative sounding phone calls
- Testing on latest phishing techniques


Compliance for Credit Unions

Since the late 1800s, credit unions have provided their members with an alternative to traditional banks. You give your members the tools to build their own economic wealth and independence while at the same time granting them ownership in your institution. Your philosophy and organization are geared toward providing the highest level of service to your members. Providing this type of detailed service while still protecting your members' information and privacy can be a challenge. In addition, you've got to shield yourself from fraud or other types of criminal activity which have become more sophisticated with the advancement of technology. No matter how many members you have, Robrige's winning combination of technical and regulatory compliance expertise offers you the tools to continue providing a higher level of service to your members while managing your compliance obligations.

Robrige understands the challenge that ever-changing and expanding regulations present to credit unions. Our experts monitor these changes to ensure we offer the most up-to-date and cost-effective solutions for maintaining your compliance with OFAC, the USA PATRIOT Act, the Gramm-Leach-Bliley Act, the Red Flag Rules, Regulations CC and E, and more. We want you to be able to focus on the members of your organization. And our focus is on you. Just as you are an advisor to your members for all their banking needs, Robrige is your advisor for all your compliance needs.


INTERNAL / EXTERNAL VULNERABILITY ASSESSMENTS

An Internal Vulnerability Assessment will perform a complete scan of the internal network and detect all known vulnerabilities; it will analyze every device IP address by IP address to identify the device, its operating system, firmware, service packs and/or patches. It will then generate a report describing known vulnerabilities for each device.

An external vulnerability assessment will be performed remotely from Robrige Network Security in order to analyze the integrity of the credit union's perimeter security. The assessment will validate the configuration of the firewall and will determine if a possibility exists for attacks via the protocols currently allowed through the firewall. This service simulates attacks to determine if perimeter security devices can be bypassed or penetrated.

Vulnerability Assessment is an ongoing process, and so testing should be performed on a regular basis. Since the ideal amount and frequency of vulnerability testing will vary according to the client's specific security policy, needs, size and NCUA, HIPAA, ISO, FFIEC, PCI requirements, Robrige Network Security offers many options to accommodate each client's individual needs. Below are samples of available programs:

  • INDIVIDUAL TEST – External/Internal Vulnerability Tests can be performed.
  • BI-ANNUAL TESTING - A series of one (1) internal (on-site within CT and Southern MA) and one (1) external vulnerability test will be performed within the same time frame. After six (6) months, another series will be performed. This program can be renewed each year (Recommended Minimum).
  • QUARTERLY TESTING - A series of one (1) internal (on-site within CT and Southern MA) and one (1) external vulnerability test will be performed within the same time frame. Every three (3) months thereafter, another series will be performed. This program can be renewed each year.
  • MONTHLY TESTING - A series of one (1) internal (on-site within CT and Southern MA) and one (1) external vulnerability test will be performed each month. This program can be renewed each year.
  • REPORTING – Robrige Network Security provides a comprehensive report with all vulnerability findings delivered in both an Executive Summary and a Detailed Technical Report. The technical report includes descriptions of all detected vulnerabilities, their level of severity, what devices are affected and any known remediation procedures or recommendations. The report is very easy to read and understand.

Our Services

Does your business need network assessment? If your company or organization uses an electronic information system for storing medical records, customer account information, or general data or offers credit card transactions, a network security policy needs to be developed and implemented. In addition to including network risk assessment, management, and protection, a security policy must incorporate regular IT audits. A network perimeter or interior may contain vulnerabilities, which serve as gateways for outside threats to enter and to corrupt your system, and an IT audit identifies these weaknesses and offers solutions for repairing them.

Data security and up-to-date protection against threats are not the only reasons an IT assessment is necessary for your company. Industry best practices, such as FFIEC, GLBA, and Sarbanes-Oxley for finance and HIPAA for health care, mandate a network security policy with regular assessments for all electronic information systems. To maintain industry compliance, IT audits need to be conducted regularly.

Outside threats evolve with the latest technologies, developing new tactics for bypassing or breaking through firewalls. Although attack methods change, most fall under the following: viruses and worms, Trojan horses, phishing, packet sniffing, malicious websites, spam, or zombie computers. Threats, however, go beyond a technical level. Even with a firewall in place, a network can be vulnerable through physical or personal approaches. Facilities may be open to outside intruders, who can then enter and steal data, or your workers, unaware of new security threats, may be contacted and asked for password information, giving an outside party access.

An IT audit by Robrige takes all of these factors into consideration and targets technical, physical, and personal threats. An IT audit can include penetration tests for the server and firewalls; personal interviews with employees; vulnerability scans; examining operating system settings; and researching historical data. Ethical hacking techniques are used to probe the perimeter and interior of a network for threats, and social engineering is employed to check the alertness of your workers. With quick reporting, Robrige produces a summary of the IT audit for your business, identifying all vulnerabilities and offering repair solutions.