A large contract manufacturing firm had been very successful in implementing a web-based supply chain management and customer order tracking system. The system was based on an MS SQL back end and was customized in house by contract programmers. As the company grew it implemented a stricter security policy and ran regular security scans using commercially maintained open source scanners, so it felt secure. When the existing Information Security Manager left the company and was replaced, the new ISM used a demo version of Maxpatrol to scan a few servers. Upon completion of the scan, among other things, a second instance of an old, unpatched version of MS SQL was found running on a production server on port 1435! This instance had been installed during the development cycle and, though unused, was still listening and exposed the company to numerous serious vulnerabilities. Maxpatrol was then used to scan all of the company's assets, both internal and public facing, where numerous other vulnerabilities, such as FTP and P2P services, were found, as well as machines that were simply not patched. Maxpatrol's intelligent scanning found these services where other scanners had failed.
An investment firm used Maxpatrol for the first time on its public facing IP addresses. The system administrator called to complain that a bug in Maxpatrol had reported an HTTP-like service running on TCP port 10 when nothing was running there. "The scanner gave me a false positive the first day I used it," he complained, "I checked the system a dozen times and nothing is running there!" The Maxpatrol security team investigated the situation and promptly determined that there was, in fact, a foreign backdoor on the host and that the network had been compromised for some time.
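The two cases above share one lesson: a forgotten listener (the second SQL instance on 1435) and a listener the host itself does not report (the service on TCP/10) are both caught by reconciling what a network scan sees against the authorized service inventory and against the host's own view of its listeners. The script below is an added illustration of that reconciliation, not Maxpatrol's code or output; the hosts, ports, banners and inventories are constructed sample data modelled on the two stories.

```python
"""Reconcile network-scan observations against (a) the authorized service
inventory and (b) what each host reports about itself, e.g. from netstat.
All data here is constructed to mirror the two cases above."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    host: str
    port: int
    banner: str = ""


@dataclass
class Finding:
    host: str
    port: int
    kind: str      # "unauthorized", "hidden" or "missing"
    detail: str


# Constructed: what the network scanner saw from outside the hosts.
SCAN = [
    Observation("10.0.1.20", 80, "HTTP/1.1 200 OK"),
    Observation("10.0.1.20", 1433, "MSSQL"),
    Observation("10.0.1.20", 1435, "MSSQL"),        # forgotten dev instance
    Observation("203.0.113.8", 443, "HTTP/1.1 200 OK"),
    Observation("203.0.113.8", 10, "HTTP/1.0 200 OK"),  # not visible locally
]

# Constructed: the listeners each host reports about itself (the admin's view).
LOCAL_LISTENERS = {
    "10.0.1.20": {80, 1433, 1435},
    "203.0.113.8": {443},
}

# Constructed: the authorized service inventory, port -> service name.
AUTHORIZED = {
    "10.0.1.20": {80: "web app", 1433: "MS SQL (production)"},
    "203.0.113.8": {443: "client portal"},
}


def reconcile(scan, local, authorized):
    """Return findings for listeners that are hidden from the host, not in
    the inventory, or expected but unreachable."""
    findings = []
    seen = {}
    for obs in scan:
        seen.setdefault(obs.host, set()).add(obs.port)
        allowed = authorized.get(obs.host, {})
        host_view = local.get(obs.host, set())
        if obs.port not in host_view:
            # Reachable over the network but absent from the host's own listener
            # list: the host's view cannot be trusted, escalate to incident response.
            findings.append(Finding(obs.host, obs.port, "hidden",
                f"reachable from the network ({obs.banner!r}) but not in the "
                "host's listener list; treat as a possible backdoor"))
        elif obs.port not in allowed:
            # The host knows about it, but nobody authorized it: find the
            # owner, check patch level, or decommission it.
            findings.append(Finding(obs.host, obs.port, "unauthorized",
                f"listener {obs.banner!r} is not in the service inventory"))
    # Inventory entries that the scan could not reach are worth a look too.
    for host, services in authorized.items():
        for port, name in services.items():
            if port not in seen.get(host, set()):
                findings.append(Finding(host, port, "missing",
                                        f"expected {name} not reachable"))
    return findings


def summarize(findings):
    """Compact, order-independent view of the findings."""
    return sorted((f.host, f.port, f.kind) for f in findings)


if __name__ == "__main__":
    for f in reconcile(SCAN, LOCAL_LISTENERS, AUTHORIZED):
        print(f"{f.kind.upper():12} {f.host}:{f.port}  {f.detail}")
```

With the sample data the script flags 10.0.1.20:1435 as unauthorized and 203.0.113.8:10 as hidden. The "hidden" class is the important one: when the network sees a port that the host denies having open, the discrepancy itself is the finding, regardless of what the administrator's local tools say.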
Z Company, in its never-ending quest to make its internal systems easier to manage and give users more services to boost productivity, implemented a customized version of a mail server that had many features its users wanted and connected well to its CRM and sales automation system. The software was based on a smaller, lesser-known mail server, so few vulnerabilities for it had been published. At first glance the system seemed secure: a firewall permitted only the standard ports 25 (SMTP) and 110 (POP). After an audit with Maxpatrol it was determined, in a completely automated scan and then verified, that the server was vulnerable to an unpublished DoS attack on port 110. The company had to notify the vendor, temporarily stop using the mail server and wait for the vendor to patch the software.
A large chemical company audited its network with Maxpatrol. Upon completion of the audit, Maxpatrol (using its standard configuration) had gained access to the SQL Server after detecting a weak password.
A publicly traded financial planning company wanted to allow its clients to access account information online. It had a very reputable software development company design a web interface for its database and was very satisfied with the results, so satisfied that it published press releases and marketing materials. Before roll-out, the Information Security Officer demanded that the application undergo a security review. Although the application was based on a very popular product, it had been heavily customized and tested during development, and he insisted it be tested one more time. An initial Maxpatrol audit of the public-facing application found several instances of unvalidated input vulnerabilities, broken session and authentication flaws, weak passwords and injection vulnerabilities, presumably introduced by the customization of the code and by user configurations.
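The unvalidated-input and injection findings above are what a customized account-lookup path typically looks like when query text is assembled from request data. The snippet below is an added illustration, not the company's or the vendor's code: it places a string-built lookup next to a hardened one that validates the input shape, binds the value as a query parameter and scopes the query to the authenticated session owner. An in-memory sqlite3 database stands in for the MS SQL back end, and the account-number format is an assumption.

```python
"""Account lookup for a client portal: an injectable string-built query next
to an allow-listed, parameterised, session-scoped version. sqlite3 is used
here as a stand-in for the production database."""
import re
import sqlite3

# Assumed account-number format: two letters followed by six digits.
ACCOUNT_ID = re.compile(r"^[A-Z]{2}\d{6}$")


def make_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id TEXT PRIMARY KEY, owner TEXT, balance REAL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("AC000001", "alice", 1200.50),
        ("AC000002", "bob", 88.00),
        ("AC000003", "carol", 5000.00),
    ])
    return conn


def lookup_vulnerable(conn, account_id):
    """The pattern an audit flags: untrusted input is pasted into the SQL text,
    so a quote character in account_id changes the query itself."""
    sql = f"SELECT id, owner, balance FROM accounts WHERE id = '{account_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, account_id, session_owner):
    """Hardened version of the same lookup."""
    # 1. Validate the shape before the value goes anywhere near SQL.
    if not ACCOUNT_ID.match(account_id):
        raise ValueError("malformed account id")
    # 2. Bind the value as a parameter; the driver never treats it as SQL.
    # 3. Tie the query to the authenticated user so one client cannot read
    #    another client's row even with a well-formed id.
    sql = "SELECT id, owner, balance FROM accounts WHERE id = ? AND owner = ?"
    return conn.execute(sql, (account_id, session_owner)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_safe(db, "AC000001", "alice"))
    print(lookup_safe(db, "AC000001", "bob"))   # empty: not bob's account
```

The validation step rejects malformed input before any database round trip, the parameter binding closes the injection, and the owner check is the smallest form of the session-scoping that the "broken session and authentication" findings call for.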