Month: January 2017

Free Vulnerability Assessment till 30 September 2017!

Each vulnerability assessment encapsulates a process to identify, classify, report on and provide remediation advice for the security weaknesses of a constituent’s IT infrastructure. It entails a scan to uncover exploitable weaknesses in network devices, servers and systems. The results are manually verified and then compiled into an easy-to-read, actionable report.

A combination of regularly scheduled vulnerability assessments and penetration testing will help institutions identify security weaknesses in IT infrastructure before they can be used in an attack. The institution can then take action to remedy the weaknesses and prevent an attack/compromise.

Key features:

  • External and internal options available
  • Multiple scanners used (commercial and open source)
  • Scalable to unlimited IP addresses
  • Optional DNS verification
  • Customised report and remediation advice
  • Severity-level classification to aid remediation prioritisation
  • Manual (infosec expert) verification
  • User-friendly, actionable report (reduced page count)
  • Follow up advice or assistance (limited)
  • Cost-effective charging model

What we need:

  1. Permission to scan – from the appropriate authority
  2. List of domain(s) and/or IP addresses
  3. Security contact details + PGP key

You get:

  1. Extensive, low-intensity assessment using multiple scanners
  2. Manual verification/analysis/research
  3. Report summarising the findings and providing actionable remediation advice
  4. Spreadsheet with raw results
  5. Limited follow-up consultation if required

From passionate information security specialists!

For more information please see the SANReN CSIRT website.

 

SA NREN CSIRT Update

The SANReN Computer Security Incident Response Team (CSIRT) have been working hard to get the proactive CSIRT services operational. We launched our website, in November.

Currently, we offer vulnerability assessments and announcements services. This includes one free vulnerability scan per institution valid until end September 2017. To make use of this offer, please email the following requested information to csirt@sanren.ac.za.

Over the next 3-6 months, we will be refining our announcements service. Look out for some exciting developments – e.g. customised vulnerability feeds and a CSIRT launch event / follow-up workshop.

We will be working closely with TENET this year to formalise the reactive services and complete the portfolio for CSIRT as well as partner with other (and especially NREN) CSIRTs around the world.

To subscribe to our mailing list (open to customers/beneficiaries of the NREN and supporting organisations), please send an email to csirt-news+subscribe@sanren.ac.za. Reply to the confirmation email and we’ll approve/verify.

To register a security contact for your site or institution, please send an email to csirt@sanren.ac.za.

For any other CSIRT-related queries or assistance please email csirt@sanren.ac.za. Feel free to provide input on what you’d like to see from the CSIRT.