Penetration Testing


A penetration test is used to determine whether, and exactly what kind of, information someone is able to retrieve from your network. This is commonly referred to as ethical hacking. During this process we use the same tools that hackers would use to gain access to or control of the systems and information that are to be protected. We will also try to avoid being detected by any Intrusion Detection Systems (IDS).

External Penetration Testing is the traditional approach to penetration testing. The testing is focused on the servers, infrastructure and underlying software comprising the target. It may be performed with no prior knowledge of the site (black box) or with full disclosure of the topology and environment (white box). This type of testing should typically involve a comprehensive analysis of publicly available information about the target, and a network enumeration phase in which target hosts are identified and analyzed. The behavior of security devices such as screening routers and firewalls is also analyzed. Vulnerabilities within the target hosts should then be identified and verified, and their implications assessed.

Like software applications that are beta tested by live users, penetration tests are an established technique for live testing of network security. Many organizations that use our services for these types of tests do so on a regular basis to continuously evaluate their security status, not only to validate their infrastructure, but also as part of continued efforts to remain compliant with federal regulations.

This service is typically performed after an External Vulnerability Assessment and is done remotely. We include an Intrusion Detection System (IDS) Assessment as part of the service.

The subsequent report will include what was accessed, the potential risk associated with any identified vulnerabilities, and recommendations for remediation.