Syrinx Technologies
FOLLOW US
  • Home
  • Company
  • Services
    • Services List
    • Testimonials
  • Blog
  • Publications
    • Podcasts
    • Articles
    • Presentations
  • FAQ
    • FAQ Blog
  • Contact

Q: What's the difference between a vulnerability assessment and a penetration test?

1/23/2013

0 Comments

 
A: From "www.darknet.org":

Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region).


A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.
0 Comments

Q: How do you pronounce "Syrinx"?

1/22/2013

0 Comments

 
A: sir-i?(k)s or perhaps sear-inks
0 Comments

Q: What are the implications to PCI?

1/21/2013

0 Comments

 
A: The PCI DSS released an document in June of 2011 addressing virtualization. You can download this document by clicking here. 
0 Comments

Q: What are the normal billing terms for services?

1/21/2013

0 Comments

 
A: All services performed by Syrinx Technologies are billed as fixed price projects. The normal terms are Net 15. Unless the project is large enough to be broken into sections with milestones the invoice is submitted with the draft reports.
0 Comments

Q: Does Syrinx Technologies have an RSS feed?

1/20/2013

0 Comments

 
A: Yes, you can subscribe to the Syrinx Technologies RSS feed here.
0 Comments

Q: Does Syrinx Technologies have a blog?

1/19/2013

0 Comments

 
A: Yes, you can read the blog at http://syrinxtech.blogspot.com.
0 Comments

Q: What's the difference between external and internal penetration testing?

1/18/2013

6 Comments

 
A: An "external" penetration test will examine the various resources available from anyone outside the security perimeter (i.e., the firewall). This testing could include the web/email servers, dial-in, wireless and VPN access. The "internal" penetration test will examine resources available to anyone inside the security perimeter. This could include employees, contractors, temporary employees, partners and attackers who manage to break through the external security perimeter.
6 Comments

Q: What's the average length of an external and internal penetration test?

1/17/2013

0 Comments

 
A: The average external test is about 16-24 man hours, while the average internal test is 24-40 man hours. Factors that influence the external testing includes number of Internet-facing devices, the number of IP domains owned by the client and whether there is wireless or dial-in testing to be performed. Factors influencing the internal testing includes the number of servers, network users and remote locations.
0 Comments

Q: Does it make sense to routinely test my networks?

1/16/2013

0 Comments

 
A: Absolutely! Like any regular health checkup, network security audits should be performed annually. Some clients choose to alternate internal and external testing each year. Others perform quarterly testing to ensure that any problems can be quickly discovered and fixed. On a related note, some clients choose to routinely swap among their vendors who perform security audits. This provides the client a fresh set of eyes, toolsets and methodologies every 2-3 years.
0 Comments

Q: What is an RSS feed?

1/15/2013

0 Comments

 
A: You can get more information here.
0 Comments
<<Previous

    Categories

    All
    Applications
    Dial-In
    General Topics
    Pci
    Policies And Procedures
    Social Engineering
    Syrinx Technologies
    Virtualization
    Wireless

    RSS Feed

Powered by Create your own unique website with customizable templates.