Internal Vulnerability Assessment

The acxell'sInternal Vulnerability Assessment, along with periodic External Vulnerability Assessment, helps institutions assess risks as they relate to information systems in compliance with Section 501b of the Gramm-Leach-Bliley Act and with the Interagency Guidelines Establishing Standards for Safeguarding Customer Information. An Internal Vulnerability Assessment is a study to locate security vulnerabilities and identify corrective actions within the Bank’s internal network.

This security assessment determines whether your critical infrastructure is compliant with industry and regulatory mandate accepted security best practices. acxell’s study will identify areas vulnerable to risk, prioritize vulnerabilities and deliver detailed countermeasures designed to remedy deficiencies and secure the targeted systems and network within your organization.

We utilize commercial, open source and proprietary software to perform an on-site vulnerability assessment of designated internal networks, network accessible devices and/or firewalls (Services). acxell’s attempts to breach your internal network via secure and insecure channels will:

• Identify obvious and obscure system entry points
• Attempt to circumvent access control mechanisms in order to gain access to restricted areas, critical and confidential data, system resources, covert channels and databases
• Determine if unauthorized users can access systems
• Determine if authorized users can elevate their granted permissions
• Determine susceptibility to compromise
• Assess potential social engineering exploits

Three Phase Assessment

Our on-site assessment is conducted in three phases:

Identify – On-site scans utilizing numerous commercial, freeware and proprietary tools are conducted to collect information regarding vulnerabilities. Further hands-on inspection of design and configuration issues is conducted to identify security issues outside scanner detection capabilities. This includes an examination and assessment of security design issues, firewall rule base and route and server configurations.

Evaluate – All information collected is analyzed to identify vulnerabilities and confirm their existence. If a discrepancy or potential false positive is identified, further testing is conducted to confirm the authenticity of the vulnerability.

Mitigate – One or more detailed countermeasures are recommended for each vulnerability found. The countermeasures provide a roadmap to remediation.