 |
|
- Alert 247 provides a number of different types of network testing and standard options for those tests. The two basic tests are: a remote penetration test of all external resources and an on-site test of critical internal infrastructure (soon available). These services help our customers address both external threats from Internet attacks and identifies insider risks.
Remote Penetration Testing
- The objective of Remote Internet Penetration testing is to measure the exposure of the network resources and on-line services to attacks from the Internet, and evaluate the effectiveness of network controls including firewalls, routers, and servers to prevent such attacks.
Process
- A penetration test will determine if :
- your data can be manipulated or stolen;
- your core services can be compromised;
- your classification barriers can be compromise because:
- your network possesses design problems;
- your systems are inadequately configured;
- your firewall is inadquately configured.
- While examining your company's exposure to the Internet, we assume the role of a "hacker" and attempt to access your network from the outside (off-site). For testing purposes, we are usually given extensive information about the network in order to give you a more comprehensive analysis of your network security. Consequently, we are able to take on the appearance of an unknown system from outside the network, while still determining if there are any backdoors or unusual third party trust issues. The vulnerabilities we discover can be viewed as ones that any attacker may find while testing the network and connected systems.
- Although our test goals depend on your specific requirements, they could include discovering the vital systems within the network, discovering network vulnerabilities and accessing systems inside a firewall. We review the risks existing in connection with the data integrity of the systems, such as the ability to alter or delete data. We also look for evidence of unauthorized entities on the client's network or any attempts to gain such unauthorized access. Implementation of the following would be considered a successful breach of security: data theft or data manipulation.
- All testing is done in a manner that maintains data integrity and avoids network downtime or data loss.
Reporting
- During testing Alert247 notifies the customer of critical security problems immediately, in some cases providing interim reports detailing the attack and recommendations.
- Upon completion of testing, the results of all work is summarized into an executive summary and a detailed list of all the test "attacks" and the coinciding results are compiled into our final report. Issues across all aspects of security within the customer's network environment are included in our comprehensive report including: vulnerabilities in service, network architecture, system configuration, Internet applications and administration.
- Each vulnerability is written up detailing how the vulnerability works, potential threats and severity associated with the attack, and specific recommendations for addressing the problem. Feel free to check our sample report.
-
-
|
|
|
