Network Security & Pen-Testing

Emulating the Bad Guys

Pen TestingA Penetration Test, or Pen Test, is the process of actively testing your organizations security measures by attempting to penetrate network security using a variety of measures. It is, in essence, hacking your organization in order to evaluate and harden the security measures already in place.

What is tested?

A penetration test will involve the systematic analysis of all the security measures in place. A full project should include some or all of the following areas, with the exact requirements usually being agreed in a formal scoping document prior to commencing (this list is provided courtesy of the OSSTMM):

  • Network Security
  • Network Surveying
  • Port Scanning
  • System Identification
  • Services Identification
  • Vulnerability Research & Verification
  • Application Testing & Code Review
  • Router Testing
  • Firewall Testing
  • Intrusion Detection System Testing
  • Trusted Systems Testing
  • Password Cracking
  • Denial of Service Testing
  • Containment Measures Testing
  • Information Security
  • Document Grinding
  • Competitive Intelligence Scouting
  • Privacy Review
  • Social Engineering
  • Request Testing
  • Guided Suggestion Testing
  • Trust Testing
  • Wireless Security
  • Wireless Networks Testing
  • Cordless Communications Testing
  • Alarm Response Testing
  • Location Review
  • Environment Review
  • Privacy Review
  • Infrared Systems Testing
  • Communications Security
  • PBX Testing
  • Voicemail Testing
  • FAX review
  • Modem Testing
  • Physical Security
  • Access Controls Testing
  • Perimeter Review
  • Monitoring Review

Network Security

Deliverables

After the completion of a penetration test the deliverables will included a detailed analysis of the methodology used to conduct the test, the results of the various attempts at compromise, as well as detailed documentation on remediation of any security flaws found.

*Note: Don’t forget to ask about the new Global Digital Forensics Digital Asset Threat Assessment (DATA) program. With the BYOD (Bring Your Own Device) phenomenon in full bloom, controlling all the data coming from and going to mobile phones and tablets is adding an entirely new security headache to the mix. As these devices flood the cyber landscape, many organizations find themselves gasping for air while trying to keep up from a security perspective. Adding the DATA program to a penetration test will substantially bolster an organization’s cyber security posture, not just from a network and mainframe security perspective, but every facet of your unique digital asset landscape.

Response Time is Critical