Supported Hosts include: Windows 2000/2003, UNIX, Linux, routers, Firewall and VPN installations, Strong Authentication Servers, IDS systems, and others.
A Host Vulnerability Assessment is a detailed information security review of one or more Host system(s). The assessment includes an in-depth review of the targeted host system, the operating system environment, current version and patch levels. Further, a review of any hardening techniques applied to host system are taken into account. Policies, procedures, related guidelines and operational data are compiled and reviewed. Interviews of relevant operational staff, administrators and mangers are held to gather additional (and typically undocumented) information relating to the operational security of the host system. Specific security incidents involving the host are noted. The information is gathered for analysis, review and reporting. The report findings include definitions of security vulnerabilities and holes. Each is then assigned a level of associated risk, and means of mitigating risk are suggested.
A typical Host Vulnerability Assessment is a minimum of 2 - 3 days person-days in duration. All Host Assessments need to be analyzed prior to the generation of a cost estimate. The costs vary widely due to the variable number of enterprise hosts, host placement within the IT architecture, diversity of host OS platforms, similarity within OS platforms, geographic distribution and potential T&E costs.