External assessment: attempted breaches from outside your network Internal assessment: mimicking the actions of a malicious insider, Phishing simulations Wireless assessment: wireless encryption, rogue detection Web application assessment: customized testing of business applications Social engineering assessment: revealing weaknesses in employee practices
Our penetration assessments identify possible threats and vulnerabilities in your network and provide effective preventative solutions. A penetration test, also known as a pen test, is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. Our cyber-security services are carried out by an experienced certified ethical hacker who has learned to think like an attacker. We will perform an attack simulation in an effort to:
- Identify security flaws present in the environment
- Understand the level of risk for your organization
- Address and suggest mitigation towards identified network security flaws
Upon approval of a project, we will schedule a kick off call to discuss key areas in the rules of engagement such as: scope, methodology and testing techniques, compliance requirements, testing times, and points of contact. The phases listed below discuss key actions that are taken throughout the network penetration testing process.
PLANNING The following items will be developed during this phase: Key points of contact and procedures for all phases; scopetypes of systems to be tested (e.g. servers, workstations, mobile devices); rules of engagement.
DISCOVERY We will perform extensive network host discovery, service discovery, and enumeration. This involves information gathering and analysis of information available via the Internet. We gather data from organization’s websites, public databases, and social networks with the explicit goal of identifying technical data about the external and/or internal network infrastructure for targeting.
ATTACK The attack phase is where exploitation of any vulnerability and/or misconfiguration occurs. We will use ethical hacking techniques to penetrate vulnerable systems.
REPORTING During this phase, we take great care to ensure we effectively communicate the value of our service and findings as thoroughly as possible. Our main goal is to ensure that all information from the network pen test is clearly understood and that a roadmap toward remediation/mitigation is well defined. A comprehensive final report detailing all testing information along with an executive summary is securely delivered during this step.
Vulnerability Scanning Network vulnerability scanning provides the opportunity to identify active IP addresses and scan them using industry-leading tools with the ultimate goal of discovering vulnerabilities in both internal and external networks. Throughout the vulnerability scanning process comprehensive automated testing will be used to identify as many network related vulnerabilities as possible.
|