image border
 
Technology Services
  Infrastructure
  Software Development
  Information Assurance

Technology Services -> Information Assurance -> NCR

 

NCR NCR Corporation (NYSE: NCR) is a technology company specializing in products for the retail and financial sectors. Its main products are point-of-sale terminals, automatic teller machines, check processing systems, barcode scanners, and business consumables. They also are one of the largest providers of IT maintenance support services.

 

Summit Technologies was retained by NCR to conduct a security Penetration Assessment for Data Device Incorporated (DDI). Summit performed an external assessment of DDI’s Internet Portal security which included a review of the existing network security infrastructure design and configuration, a reconnaissance investigation including: publicly available information, a port and services scan, and a vulnerabilities assessment of Internet accessible devices, servers, and software services. The details of the Project are provided below:

  • Review current network infrastructure, including firewall and Internet gateway hardware configurations, IP addressing, and access control lists
  • Review current Internet services provided to company users
  • Review current security policy as it relates to the security of Internet portal and services
  • Schedule with customer the systems to be analyzed and tests to be performed
  • Research on the Internet publicly available reconnaissance information, looking for details such as accessible servers, IP address ranges, and access paths into customer Internet portals
  • Scan Internet Portal devices, servers, and services available to the Internet, looking for exposed access ports
  • Scan Internet Portal devices, servers and services available to the Internet, looking for known vulnerable Software versions, default configuration issues, missing security patches, and hardware vulnerabilities
  • Unauthorized Access tests. These include the use of Brute Force dictionary password attacks, as well as trying “default” passwords
  • Review the output of the scanning tools, and perform analysis of security defenses and vulnerabilities
  • Create the Penetration Assessment Report