Penetration Testing
Penetration Testing is the term used to describe the testing of your computer networks and their components for any security weaknesses.
These tests can be performed with either no prior knowledge of your network apart from an IP address range, or as an authorized user having very restricted access to the network. The test will be conducted remotely, via the Internet, or from your site when user level access testing is required.
Why do you need Penetration Testing?
The tests are designed to highlight weaknesses and areas of concern which could be exploited by a hacker.
Network security breaches are costly
In today's world the two key assets in your business are your employees and your data. Security breaches can bring direct financial losses, threaten company reputation and customer loyalties, attract negative press, and trigger significant fines and penalties. A recent edition of the "CSI/FBI Computer Crime and Security Survey" estimated the average cost of a security breach to be $203,000, and the cost of a single serious breach can be significantly higher.
It is impossible to safeguard all information, all the time
Organizations have traditionally sought to prevent breaches using security barriers, such as access controls, cryptography, IPS, IDS and firewalls. However, the increasing complexity of networks - and the resulting interconnectivity among users - makes it impossible for these barriers to safeguard all information, all the time. New vulnerabilities are discovered each day, and attacks constantly evolve in sophistication and automation.
Negative Business Impact
If your data were compromised, stolen or even partially changed, this would have huge negative ramifications for your business.

What would happen if your competitors hired a hacker to steal your patented technology, your customer lists and your competitor analysis? They would be able to outmaneuver your company in the marketplace and develop new machinery, software and services, offer these improved services to your customers, and fill any gaps that you had identified in their competitive strategies.
Disgruntled Ex-Employee
Without a thorough security assessment, a malicious user may be able to rely on their security, primarily due to the "human factor". If someone is targeting your organization specifically, then there is a strong possibility that they do indeed have detailed knowledge of your systems and procedures (a disgruntled ex-employee, for example). In this case it is wise to assume the worst, i.e. that they have complete knowledge of your systems. This is because if your security relies solely on the secrecy of your designs, then you do not have any tangible security at all.
Penetration Testing identifies and prioritizes security risks
Penetration Testing evaluates a network's ability to protect information from unauthorized access. Test results validate the risk posed by specific vulnerabilities, enabling information security professionals to prioritize remediation efforts. As a result, organizations can proactively anticipate and prevent unauthorized access to valuable information assets.
When to Perform Penetration Testing
Penetration Testing should be performed on a regular basis to ensure consistent network security by revealing newly discovered threats. Tests should also be run whenever:
  • new network infrastructure or applications are added;
  • significant upgrades or modifications are applied to infrastructure or applications;
  • new office locations are established; or
  • security patches are applied.
What is included in the Penetration Testing?
Only ongoing security assessment will ensure that your network or systems are configured correctly to protect against both internal and external threats.
Infrastructure Testing
Testing for firewall, network, routing and protocol led vulnerabilities, looking at servers and operating systems.

Application Testing
Security of the application layer is often overlooked by developers, users and even some penetration testing companies! Some estimate that as many as 75% of vulnerabilities occur through the application, with some high profile web application hacks making the news as a result of credit card and client data theft.

RAS & VPN Testing
Many remote access solutions can be compromised through enumeration of user names & dictionary/brute force attacks against passwords. Several other mechanisms exist to compromise RAS & VPN connections.

Wireless Testing
WEP is dead, long live WPA, but don't overlook the security of the wireless client. Few are aware that a laptop/PDA that has used a hotspot is a simple target for the hacker who can easily impersonate an access point.

Social Engineering
What's the point of having a technically superb security infrastructure if the hacker can extract user credentials by phone from the helpdesk, or simply walk in the front door to your office?

Mobile Device Testing
Mobile phones, PDAs, Blackberries etc. all promote productivity for the mobile worker, but introduce a new set of security challenges. Issues are both hardware and application led.

Workstation & Laptop Testing
If your employees can elevate privilege at the workstation, you have problems. Laptops are often stolen, giving the hacker a useful route into your LAN & lots of sensitive information on the hard disc.

Server Build Testing
One weak server build can lead to a large number of vulnerable servers if you operate a common build process.



Contact Us - Experts Available Today
Call (212) 608-6112 to speak directly with a Security Expert.
Send an e-mail today for more information on how you can engage our Security Subject Matter Experts.
© 2008 Synesis IT