Questionnaire

Intrusion Detection Services Questionnaire

Please respond to the best of your ability.

First Name*:

Last Name:

Email*:

The test team is restricted to after-hours testing as follows:

Light network scans

Yes No
Time range

Heavy network scans

Yes No
Time range

Point scan testing

Yes No
Time range

Denial-of-service testing

Yes No
Time range

Configuration audits

Yes No
Time range

War dialing

Yes No
Time range

The test team has been requested to follow additional guidelines while testing:

Specify any additional guidelines

IP Addresses

List of IP addresses to be tested:

Specific IP addresses targeted for point scans

Chosen by client:

Chosen by the test team:

Specific IP addresses to be used for the ESM (Enterprise Security Manager) configuration audit

Chosen by client:

Chosen by the test team:

Configuration Audit

Number of SysLog Servers:

Windows XXX

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

Number of domain controllers:

Sun Solaris

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

Other UNIX

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

VAX/VMS

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

Linux

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

WinXXX

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

Other Operating Systems

Number of servers:

Percentage of servers to be tested:

Number of workstations:

Percentage of workstations to be tested:

Firewalls

Boundary firewall(s) type:

Number of boundary firewall(s):

Internal firewall(s) type:

Number of internal firewall(s):

Cryptographic Analysis

Client has requested that the test team examine the design of the following cryptosystems:

List cryptosystems, such as PKI system or IPSec, that have been requested

Password Cracking

Windows XXX

SMB capture passwords:

Yes No

Retrieve from domain controller:

Yes No

Brute-force standard alphabet:

Yes No

Brute-force all characters:

Yes No

Time to run (Hours, up to 24):

Novell NetWare

Brute-force standard alphabet:

Yes No

Brute-force all characters:

Yes No

Time to run (Hours, up to 24):

UNIX

Brute-force standard alphabet:

Yes No

Brute-force all characters:

Yes No

Time to run (Hours, up to 24):

Linux

Brute-force standard alphabet:

Yes No

Brute-force all characters:

Yes No

Time to run (Hours, up to 24):

WinXXX

Brute-force standard alphabet:

Yes No

Brute-force all characters:

Yes No

Time to run (Hours, up to 24):

Application Examination

Client has requested that the test team examine the source code of the following applications

for vulnerabilities:

List applications requested

War Dialing

List phone number ranges