|
|
Cisco Secure Consulting provides customers with responsive, unparalleled network security expertise.
Having a thorough background in critical information protection operations in military and commercial environments and trusted by Fortune 1000 clients, Cisco security engineers provide proactive Security Posture Assessments (SPAs). Lauded in Fortune and Network Computing magazines, these assessments include comprehensive security analysis of large-scale networks externally from the perspective of an outside hacker and internally from the perspective of a disgruntled employee. Security vulnerability information is analyzed and concisely presented to the client with operational-level recommendations as to how to better secure the corporate network and help enable it to reach its full business potential.
Cisco Secure Consulting also provides responsive Incident Control and Recovery Services, which are short notice, emergency engagements when a client is undergoing or has recently suffered a hostile network event. The purpose of the service is to eliminate the attacker`s access to the network and to work with the client`s IS staff to restore the affected networked systems back to their preattack status.
Both services are primarily intended for Fortune 1000 or IT-intensive clients.
Cisco Secure Consulting Services offers the following benefits:
Industry-leading offering as reported by Fortune and Network Computing Magazines
Trusted personnel, with a majority of them having held Top Secret and higher national security clearances in previous positions in military and government environments
Large-scale expertise - clients include two of the Top 10 US banks and two Fortune 50 manufacturing clients
Very comprehensive approach, analyzing external perimeter systems, dial access, and internal network
Thorough analysis of systems by performing both direct and secondary exploitation techniques to confirm the presence of vulnerabilities
Primarily use more powerful proprietary tools instead of standard commercial-off-the-shelf software
Focused operational approach; not trying to be all things to all people or have all security needs outsourced to group
Assessment work causes minimal performance impact on network
Report offers "big picture" recommendations for executive management and detailed technical recommendations for network administrators
Proven methodology with over three years of experience and with over 150 engagements
Everyone`s heard about "distributed denial of service" attacks and other assaults on large e-commerce and other web sites. In order to help Cisco customers prepare for potential external threats, Cisco Secure Consulting now offers two, external-only Security Posture Assessment offerings.
The external assessment is a concentrated analysis of the exterior of the network that looks for vulnerabilities from the perspective of an Internet or dial-in ("war dial") hacker. Results can help organizations effectively and objectively understand the security state of the network perimeter and identify areas to improve. There are two external SPA offerings, based upon the number of employees (see Ordering Information).
Security Posture Assessment Proposal Request
The following information is required for Cisco Secure Consulting to cost the Security Posture Assessment accurately. The more accurate the information you provide, the more accurate the cost estimate can be. Please forward the completed worksheet to securityconsulting@cisco.com or fax it to (512) 378-1425 to receive a formal written proposal.
The information you provide will be treated with the strictest confidentiality.
Customer Information
1. Company Name(s).
List the name(s) of the company that will be assessed. Include any subsidiaries that go by a different name than the parent company.
2. Primary Administrative/Contract Point of Contact (POC).
Enter the name of the person who will be coordinating the assessment. Cisco will send a hard copy of the proposal to the mailing address listed. Please include a street address in case using Federal Express is required.
Name
Title
Phone
Fax
Mailing address
3. Billing Information (if different from primary POC).
Enter the name of the person who will be the contact for arranging a purchase order:
Billing POC
Billing address
Special instructions
4. Technical Point of Contact.
Enter the name of the person Cisco can contact to answer technical questions and handle coordination issues (usually a senior network administrator):
Name
Title
Phone
5. How many employees does your company have?__________________
Modem Audit
6. The following information is needed to audit your company`s telephone numbers for modem use.
How many telephone numbers will be included in the assessment?
How many modems are connected to individual workstations?
How many are centralized Remote Access Servers?
Is an electronic copy of all telephone numbers available? Y/N
External Assessment
7. The following information is needed to analyze the security of your company`s Internet presence.
Does your company offer its customers E-commerce using the Internet? Y/N
Does your company use a firewall or packet-filtering router? Y/N
Does your company have administrative control over the machines connected to the Internet? Y/N
Is there an Internet Service Provider (ISP) providing Web Page, DNS, or mail services for your company? Y/N
How many devices are visible from the Internet?
How many separate Internet connections do you have?
List the InterNIC registered domain names used by your company. Be sure to include any subsidiaries that use different names (for example, plastics.com, goodplastic.com, and gp.com).
List the Internet (IP) address ranges in use within the Internet registered domains and their associated netmasks. IP Address Range (Ex. 208.12.125.0)Netmask (Ex. 255.255.252.0)
Internal Assessment
8. The following information is needed to assess your company`s internal network security posture.
Are all internal addresses visible from one location? Can you ping all addresses from the company backbone? Y/N
If not, how many physical locations will need to be visited to see all addresses?
List network protocols used on the internal networks (for example, TCP/IP, IPX)
How many total network devices does your company have on the internal network? (This should include all devices having an IP address such as printers, routers, Microsoft Windows-based clients, mainframes with IP stacks, etc.)
Mark the operating systems in use on the internal network and indicate the number of hosts running each. If yours is not listed, please add it. Operating Systems Estimated Number of Hosts
AS-400
AIX
BSD
DG-UX
Digital Unix
HP-UX
IRIX
Linux
MVS
Novell NetWare
SCO
Solaris/SunOS
Tandem
VAX/VMS
Windows 3.x
Windows 95/98
Windows NT
Other (please specify)
List the internal IP address ranges in use and their associated netmasks.
IP Address Range (Ex.10.10.42.0)Netmask (Ex. 255.255.252.0)
|
Description |
Part Number |
|---|---|
|
Security Posture Assessment |
NWSECURITY-SPA |
|
Incident Control and Recovery |
NWSECURITY-SPA |
|
Security Posture Assessment -External (10,000 or more employees) |
SPA-HAS |
|
Security Posture Assessment-External (fewer than 10,000 employees) |
SPA-EXT |