
Vulnerability Scanning

Assessment & Compliance Services Division


847.221.0200 halock.com

Solution Overview

Servers, applications, network infrastructure, and other services, once connected to the network, pose a risk to the organization.

Hackers and malicious users, both internally and externally, may attempt to exploit these security weaknesses to gain access to sensitive information assets.

Identifying and remediating the risks is critical to protecting the organization at the perimeter as well as throughout the internal environment.

Performed in a collaborative manner, vulnerability scanning identifies and evaluates as many vulnerabilities as possible across the organization’s systems, applications, and underlying infrastructure. The testing can be performed both internally and externally.

The organization will provide Halock with general information regarding network ranges as well as specific systems of concern. Halock will map the entire ranges for responding hosts and perform in-depth vulnerability scanning of responding hosts for security weaknesses such as vulnerable operating systems, web services, remote access, network service configurations, and application vulnerabilities. Efforts are focused on those systems or aspects of the environment that appear to present the greatest potential for gaining access beyond perimeter security controls.

Solution At-a-Glance:

• In-depth scanning of responding systems, network infrastructure, platforms, and applications can be performed externally (internet accessible), internally (private), or both
• Locate and identify responding hosts and services
• Detect over 5,500 known vulnerabilities across 500 operating systems, applications, and protocols, ensuring the most comprehensive and complete results
• Comprehensive reporting of findings and risks
• Identify and document approaches and recommendations to resolve security vulnerabilities

Professional Services Included:

• Port scanning and network mapping to identify responding systems
• Automated vulnerability testing of host, platform, and network devices
• Automated vulnerability testing aimed at web application related security issues (i.e. SQL Injection, ASP and CGI script vulnerabilities, Cross-site scripting, Hidden-field manipulation, Authentication vulnerabilities, Session hijacking, Database errors, Directory traversal, and Form field data validation)
• Review and analysis of scan results
• Selective validation of identified key vulnerabilities
• Documentation of Findings

Pricing:

• Pricing varies based on the size, complexity, and depth of testing
• External (internet accessible) scanning base pricing begins at $2,500 for with additional fees based on the number of IP addresses tested
• Internal (private network) scanning base pricing begins at $5,000 with additional fees based on the number of IP addresses tested

1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com

Vulnerability Scanning: Scope Worksheet

The total number of IP addresses included in the scope for network discovery is as follows:
LOCATION                          NETWORK RANGES
External (Internet Accessible)    Up to _____ Class C (or equivalent) Ranges
Internal (Private)                Up to _____ Class C (or equivalent) Ranges
TOTAL                             Up to _____ Class C (or equivalent) Ranges

Following network discovery, hosts and applications will be selected for automated vulnerability assessment.
The total responding hosts, as estimated by the organization, are as follows:

REVIEW METHOD                  ESTIMATED RESPONDING HOSTS
Operating System & Platform    External (Internet Accessible)    Up to ____ IP Addresses
                               Internal (Private)                Up to ____ IP Addresses
                               Total                             Up to ____ IP Addresses
Web Application                External (Internet Accessible)    Up to ____ IP Addresses
                               Internal (Private)                Up to ____ IP Addresses
                               Total                             Up to ____ IP Addresses

Special considerations and/or other notes:
