M & M Consulting LLC regularly performs vulnerability assessments and penetration testing for its clients. The objective is to evaluate whether the Financial Institution's network is vulnerable to unauthorized access and use. Vulnerability assessment uses automated software, including scanning tools, to detect potential vulnerabilities in the Bank's network. Penetration testing portion uses automated probing and scanning tools to attempt to penetrate the Bank's firewall from a remote location via the Internet.

Vulnerability Assessment. The vulnerability assessment tests each service that a computer (or set of computers) offers to see whether it is vulnerable to attack, by essentially doing what an attacker does, stopping short of actually taking over the system. It starts an attack but stops before it does any damage. The assessment is conducted from within the client's environment. Computers to be included (or excluded) are clearly defined by both M & M Consulting and the client. M & M Consulting reports any limitations or restrictions of scope to the institution's Audit Committee or comparable body.

Penetration Testing. The penetration test involves the use of one or more automated tools to identify and organize vulnerabilities found in a target network or system. We initiate this test outside the perimeter of the client environment to find, exploit, and report any vulnerabilities in the perimeter defenses of designated systems.

Other Testing. Other testing may include password cracking, war dialing and/or social engineering, depending on the needs of the client.

To contact us:
Phone: 207-650-4665
Email: Audit@mmconsulting.info