Security Assessments

RKON security assessments enable organizations to outsource their risk and compliance management to a trusted third party with years of experience managing medium to large networks and adhering to industry best practices. We carefully walk you through the results of the testing to help you understand the issues found—from mission-critical to less-critical—and to execute the next steps.

Typical Assessments

Below are the typical security assessments we implement for organizations who are seeking to measure their security compliance and improve their overall information security posture.

Vulnerability Assessment

A complete vulnerability management solution is available for internally and externally available systems. We will scan your environment for over 55,000 known vulnerabilities and exploits. Learn more >

Penetration Testing

After discovering any vulnerabilities, we attempt to actively exploit them to see if it is possible to breach the organization’s perimeter security. A wide range of penetration testing assessments are available, from a basic external attack assessment to an enterprise-wide assessment. Learn more >

VMWare Security Audit

Our audit will help you to uncover the strengths and weaknesses of your virtual infrastructure and test the effectiveness of your current security procedures. Learn more >

Web Application Security Assessment

A complete web application assessment based on the OWASP Top Ten. Areas tested include code injection, cross-site-scripting, poor authentication, misconfiguration, storage, security certificates, and redirects. Learn more >

Wireless Security Assessment

Wireless site surveys, secure infrastructure reviews, and penetration testing are available. These assessments help an organization to prepare for secure wireless deployments or validate existing wireless infrastructure. Learn more>

Security Infrastructure Architecture

A review of your current security policies is the best start for validating a proper corporate risk analysis. RKON will work with your team to identify areas for improvement in your current policies and/or develop an all-encompassing security policy for your organization.

Perimeter Security Review

By reviewing you current perimeter security posture, RKON can determine areas of possible exploitation and make recommendations to reduce your risk footprint. Areas include firewall and IDS/IPS security review, web/ proxy/SMTP filtering, and VPN access.

Server Hardening Assessments

By performing authenticated scans of your server environment, RKON can determine if you are aligned with accepted security best practices, and areas such as patch management and secure service delivery.

Cisco IOS and Juniper JunOS Configuration Audits

Reviews that perform configuration audits for IOS-based Cisco devices and JunOS based Juniper routers, switches and firewalls.

PCI DSS

Assessments developed to test AIX, HP-UX, Linux, Solaris and Windows systems for minimum required PCI configuration settings.

Defense Information Systems Agency (DISA/DoD) Configuration Audits

Configuration audits to verify alignment with DoD best practices for Apache, IIS, Solaris, Red Hat, Windows, Mac OSX, Microsoft IE, IBM iSeries

Industry Compliance

Assessments to test your alignment with industry compliance standards such as: FDCC, SCAP, CERT, DISA, NSA, GLBA, PCI-DSS, and HIPAA standards.

Unix and Windows Compliance Checks

Audits based upon standard Microsoft and *nix security templates. These include best practices for: Abobe Reader, AIX, Apache, Linux Process Accounting and Secure Login, OWASP Top Ten Recommendations, Red Hat, SELinux, Tomcat, VMware ESX, IBM iSeries, Databases (DB2, MS-SQL, MySQL, Oracle), Unix, and Windows systems.

SCADA

Assessments are available for a wide variety of Control Systems and SCADA from NSA approved vendors.

Anti-Virus Audits

Audits designed to allow users to determine if an anti-virus package is installed and set to a working state, as well as scan for known trojans and rootkits.

Patch Management Audits

Assessments that validate the current status of the following update software:  Windows WSUS, Red Hat Satellite, SCCM Server, and VMware Go Server.

Sensitive Content Audit

Audits that look for Credit Cards, Social Security numbers and many other types of sensitive data.