Phirelight regularly performs vulnerability assessments for networks connected to and accessible through the public Internet as well as internal systems.
Phirelight has developed a toolset that allows for rapid, methodical collection of vulnerability data from target networks and devices. This toolset is a collection of commercial, open source, and proprietary tools, allowing flexibility and customization for each client’s specific environment.
These activities will create a “map” of the targets. The host system will be treated in the same way a hacker would treat it. Typical activities will consist of:
- Identify reachable hosts – Phirelight will map all hosts directly accessible from the Internet
- Conduct a service scan -This scan includes determining what service ports are present and listening on each identified device to determining the type of operating systems and applications in use.
- Enumeration – Phirelight will extract as much information as possible from the target system. This includes information specific to a listening port.
Results from these tests will guide the testing processing, but will not provide the conclusive results of our analysis – generally, broad network scanners of this type are vulnerable to false negative and false positive results; Phirelight will validate all findings so that only true data is presented.