COVID-19 Support and Services Update 6.8.2020, see more information here.

Vulnerability & Penetration Testing

Network Vulnerability Testing

FIPCO ® vulnerability testing is an automated process of proactively identifying vulnerabilities on an institution’s information processing network in order to determine if and where a system or network component can be exploited and/or threatened. It focuses on seeking out security flaws based on an industry standard database of known flaws, testing systems for the occurrence of those flaws and generating a report of the findings that can be used to mitigate the vulnerabilities to improve the organization’s security and reduce risk.

The network based vulnerability scanning can be performed from one of two perspectives:

Or

IP addresses are established as the targets for scanning. Included is information establishing which will be scanned as well as which should not be included or need special handling.

After the scanning is complete, an executive summary report is generated with an executive summary of the more critical technical vulnerabilities. Detail scanning reports from the scanning software will also be available with technical detail for technical staff to use in mitigating the findings.

The Vulnerability Scan provides for the following deliverables:

Network Penetration Testing Services

Penetration testing is a method that typically evaluates the vulnerabilities and exposure of a computer system or network by simulating an attack by a malicious user. The process typically includes vulnerability scanning. Analysis is carried out from the position of a potential attacker who is attempting to exploit vulnerabilities that may be identified with a goal of gaining access to internal systems. Security issues that are found will be reported with an assessment of their potential impact. The intent of a penetration test is to determine feasibility of an attack and typically to measure the effectiveness and maturity of an institutions vulnerability management. With penetration testing there is a greater possibility that systems may be damaged in the course of testing and may be rendered inoperable, even though there are benefits in knowing that the system could have been rendered inoperable by an intruder it can still be an expensive event. This risk is minimized by using experienced penetration testers, but it can never be fully eliminated. Scoping of a penetration test is important and generally a matter of time and resources that an organization wishes to commit for the penetration attempt.