Network Security & Pen-Testing

Emulating the Bad Guys

Pen TestingA Penetration Test, or Pen Test, is the process of actively testing your organizations security measures by attempting to penetrate network security using a variety of measures. It is, in essence, hacking your organization in order to evaluate and harden the security measures already in place.

What is tested?

A penetration test will involve the systematic analysis of all the security measures in place. A full project should include some or all of the following areas, with the exact requirements usually being agreed in a formal scoping document prior to commencing (this list is provided courtesy of the OSSTMM):

  • Network Security
  • Network Surveying
  • Port Scanning
  • System Identification
  • Services Identification
  • Vulnerability Research & Verification
  • Application Testing & Code Review
  • Router Testing
  • Firewall Testing
  • Intrusion Detection System Testing
  • Trusted Systems Testing
  • Password Cracking
  • Denial of Service Testing
  • Containment Measures Testing
  • Information Security
  • Document Grinding
  • Competitive Intelligence Scouting
  • Privacy Review
  • Social Engineering
  • Request Testing
  • Guided Suggestion Testing
  • Trust Testing
  • Wireless Security
  • Wireless Networks Testing
  • Cordless Communications Testing
  • Alarm Response Testing
  • Location Review
  • Environment Review
  • Privacy Review
  • Infrared Systems Testing
  • Communications Security
  • PBX Testing
  • Voicemail Testing
  • FAX review
  • Modem Testing
  • Physical Security
  • Access Controls Testing
  • Perimeter Review
  • Monitoring Review

Network Security

Deliverables

After the completion of a penetration test the deliverables will included a detailed analysis of the methodology used to conduct the test, the results of the various attempts at compromise, as well as detailed documentation on remediation of any security flaws found.