A rugged, whitewater river flowing northward through deep canyons, the New River is among the oldest rivers on the continent. New River Gorge National River in West Virginia encompasses over 70,000 acres of land along the New River, is rich in cultural and natural history, and offers an abundance of scenic and recreational opportunities.
Big Southern Butte is one of two domes rising from a sea of basalt near the center of the eastern Snake River Plain in Idaho. The butte is one of the largest volcanic domes in the world, but at 300,000 years old it is also one of the youngest. Hikers who trek to the 7,550-foot high summit are rewarded with spectacular panoramic views. Photo by Devin Englestead, BLM Upper Snake Wildlife Biologist.
First light at Bosque del Apache National Wildlife Refuge in New Mexico. Established in November 22, 1939, the refuge has provided a critical stopover and wintering spot for thousands of sandhill cranes, geese and other waterfowl for 75 years. Bosque del Apache's sandhill crane population has multiplied from 18 birds in the 1840s to more than 20,000 birds today. Photo by Kim Hang Dessoliers (www.sharetheexperience.org).
The OCIO's ISSLOB Services help you protect your network and applications
OCIO's ISSLOB Penetration Testing team provides a real-life snapshot of your security controls' effectiveness. OCIO’s professionals are experts in the latest attack methods and techniques used to exploit information systems. Our team attempts to break into your network to find vulnerabilities before attackers do. This unique process identifies vulnerabilities and threats; tests the reaction and identification capabilities of your agency; and provides a measurement of continuous improvement.
Why Do I Need This Test? Penetration testing is a controlled attack simulation that helps identify susceptibility to application, network, and operating system breaches. By locating vulnerabilities before the adversaries do, you can implement defensive strategies to protect your critical systems and information.
What Does Penetration Testing Actually Test?
OCIO ISSLOB performs both black box--no knowledge--and white box--with knowledge and/or privileges--Penetration Testing. Assessments include:
Web Application Vulnerability Assessment – These assessments focus on the security of Web-based applications by attempting to exploit faulty application logic. Fixes and approaches are recommended that will increase the security of the application, host server, and network.
External Network Vulnerability Assessment – These assessments focus on the security of the net-work perimeter. They check the effectiveness of firewalls, routers, intrusion detection systems, operating systems, and services available to the Inter-net or untrusted networks.
Internal Network Vulnerability Assessment – These assessments apply to the security of your internal networks and systems. They mirror actual at-tack scenarios launched from an internal source or gauge the extent to which an external attacker could roam through internal networks. This test can also check the security of your wireless LAN infra-structure.
Wireless Assessment – This type of assessment identifies vulnerabilities in wireless 802.11 based networks through a process called war walking. Once misconfigured or rogue access points are located, further attempts are made to connect to the network and leverage vulnerabilities.
War Dialing – This type of assessment identifies vulnerable modems by dialing a predetermined set of numbers. Once an active modem is located, at-tempts are made to identify the service and penetrate the system.
What Is the Procedure for a Penetration Testing Test?
Our security professionals have a written methodology that is constantly updated with new techniques and vulnerabilities. The attack scenario often begins with passive probing to provide a map of the target network, and then progressively escalates. Configuration weaknesses and vulnerable systems are exploited to gain unauthorized or privileged system access. Throughout the test, ISSLOB works with you to identify appropriate target systems and to keep you up to date on the attack's progress. A brief summary re-port provided on the last day of testing identifies all discovered vulnerabilities and the affected systems.
OCIO’s Penetration Testing team can perform a realistic hands-on simulated attack of your network and applications. We will not only find out where the holes in your systems are, we will also determine how good your current intrusion monitoring devices are at recognizing and re-porting the attack. With the results of our tests and recommendations, you can optimize your agency’s security stance and be confident that your network will resist malicious intrusions. We don't just identify problems-we help define a solution balanced around your business objectives.
No separate contract is required. No sole source justification is required.
The OCIO ISSLOB COE is positioned to provide C&A services to DOI and federal government agencies. As an OMB designated ISSLOB, work is initiated through an Inter-Agency Agreement (IAA) with the Interior Business Center Line of Business.
The IAA will reference an agreed upon Memorandum of Understanding, with supporting Proposal, Statement of Work and Rules of Engagement documents. Authority Under Which C&A is Provided: Economy Act – 31 USC 1535 and Working Capital Fund, 43 USC 1467, 1468.