Contact Us Today! (626) 606-8594

Vista Computing Blog

Category Archives: How to

Tip of the Week: Download Videos from Social Media

Social media is a big part of the modern world and sharing video is a big part of social media. What happens if you are shared a video, or see a video that you’d like to save to your computer? Today, we’ll take you through the process of downloading videos from your favorite social media sites. 

Read more ...

Tip of the Week: How to Keep Your Facebook Clean

Facebook has become a highly effective networking tool in both our professional and personal lives. As I’m sure I don’t need to tell you, a business page on Facebook can bring a lot of attention to your company. Unfortunately, if someone were to use the wrong kind of language on your page, this attention likely wouldn’t be the kind you want your business to get. For this week’s tip, we’ll go over how you can get rid of this kind of content to protect your business’ reputation.

Read more ...

A Simple Methodology for Conducting Network Vulnerability Assessments

There are various methodologies out there when it comes to conducting a network vulnerability assessment.  But in all fairness they’re all pretty much similar in the fact that they contain various steps in the process and these steps may consist more or less of 7 main phases and can be used in conducting assessments for small and medium sized businesses (SMBs).  We follow the following methodology within our practice at https://www.vistacomputing.com.  For SMBs you can follow these simple steps: 

1.  Kick-off engagement meeting

2.  Discovery

3.  Investigation

4.  Verification

5.  Exploitation

6.  Reporting

7.  Remediation

Detailed Information regarding the above steps:

1.  Kick-off engagement meeting

The kick-off engagement meeting is for initial meet and greet with the client to find out more about what the client is trying to accomplish and deals with administrative tasks.

    a.  Identify the business drivers

    b.  Identify and engage the stake-holders

    c.  Set expectations and priorities

    d.  Acquire authorizations from the client

    e.  Validate and verify client subnets and host IPs

2.  Discovery

The discovery phase consists of technical tasks associated with finding out information about the client through the IP Addresses given by the client.  This is the scope of the engagement.  Typically the discovery phase includes finding out which hosts respond to ICMP echo requests, basic TCP Port Probes, DNS lookups and reverse-lookups.

3.  Investigation

The investigation phase is a deeper inspection of the hosts that are within scope for the engagement.  This is a technical task using various products to conduct vulnerability scans against the IPs.  We use a combination of open-source and commercial tools to carry on these tasks.

4.  Verification

The verification phase is a manual task where the reports of the investigation reports are manually verified for false-positives.  This is a phase for conducting clean-up tasks of the investigation report.  We usually call this the quality assurance phase where we make sure we’re delivering something that’s valid.

5.  Exploitation

The exploitation phase is a technical task to try and break into a system through the vulnerabilities found in the investigation report and/or the discovery phase.  If it is discovered that a critical and/or high risk vulnerability is found, seek approval from the stake-holders to conduct exploitation.  Not all engagements require the exploitation phase.  This is always optional.

6.  Reporting

Reporting is an important key factor when conducting the simple network vulnerability assessment for a client.  It is a common best practice to keep records of each step of the process through screen shots, notes, and various documentation efforts.  The report is primarily for the client to have a representation of where they are in terms of network security and how vulnerable they are.  The report will also include all vulnerabilities discovered as well as the remediation steps.  The final report is a PDF.

7.  Remediation

The remediation phase is for plugging the holes in the client’s network.  The remediation phase is a list of tasks to be completed in order to get rid of the vulnerabilities and to mitigate the risks.  This is also an optional task and we would need to discuss it with the client.

A VERY IMPORTANT DISCLAIMER:

All vulnerability assessments and penetration testing efforts are point in time tests.  So while we are conducting a vulnerability assessment you have to remember that it is a point in time test because a few minutes after a test is completed there could be a change to the system that we just scanned.  

4 Ways a Managed Service Provider Can Help Your Business

msps_help_businesses

How much does your business rely on technology to keep your organization running forward? As business technology becomes more complex, it’s becoming increasingly popular for organizations to have their own internal IT departments to manage and maintain it. Yet, small businesses don’t often have the necessary funds for such a feat. How can your company afford quality IT service? You can start by pursuing managed IT solutions from a managed service provider.

Read more ...