Pen Test
A penetration test is an audit of a production
network environment in which a someone possessing private
access to the tools that crackers typically use in an
assault on a production network, utilize those tools in
a proactive approach to assess the current state of security
on a target network. These tools are used in a zero-knowledge
assault where the hackers or Tiger Team in some cases
are not given any sensitive information about the target
accept the company name, otherwise known as a zero-knowledge
penetration test. The Tiger Team would do low-level analysis
of all services running on a particular set of hosts or
servers, identify their versions, and attempt to exploit
vulnerabilities that would provide further unauthorized
access to the network.
Where applicable to a project, the Network Security Penetration
Test may include, but is not limited to, all or part of
the methodology, activities, and procedures listed below.
Heavy penetration testing generally includes the following
list of vulnerability checks in addition to all of the
items in the light package.
-
Windows-based Trojans
-
Unix-based Trojans
-
Distributed Denial of Service
Attacks (DDoS)
-
Trivial Denial of Service Attacks
(DoS)
-
Password Grinding
-
Brute-Force Attacks
-
HTTPD Vulnerabilities
-
SMTP/POP3 Vulnerabilities
-
Buffer Overflow Attacks
-
Database/Data manipulation
-
Physical Security Testing
-
Social Engineering Tactics
-
War Dialing (optional, would require
extra day(s) of service)
-
Evaluation of Application Source
Code
-
Firewalking (Evaluation of Firewall/Access
Control Rulesets)
-
Finger Abuses
-
FTP Vulnerabilities
-
Remote Root Shell Attempts
-
Remote Shell Attempts
Security Associates Corp™
Penetration Testing services uncover weaknesses in your
organization's external information security defenses
and validate the ability of your organization to detect
and halt an attack. When our testing is complete, Security
Associates explains how we compromised your environment,
and along with providing you remediation steps to mitigate
risks form future attacks.
-
Blind Internet Penetration
Test – With basic information such
as your organization's name, our penetration team
documents the entire process that might be taken in
an attempt to compromise a site without performing
intrusive testing. Our deliverable contains screen
captures and timelines from network profiling to attack
completion.
-
Targeted Penetration Test
– Using multiple commercial and open
source hacking tools in conjunction with information
that would be available to an intruder, our consultants
will ethically probe your systems from the Internet
or onsite at your location. This service tests the
hardiness of specific targets to determine their ability
to withstand internal and external compromise.
|