All systems are vulnerable, even those protected by a Firewall and Intrusion Detection Systems. The firewall protects your internal network but has to allow authorised incoming traffic into specific parts of the network to enable web browsing and email. These externally accessible machines are very vulnerable to malicious attacks.
After hardening the accessible servers it is essential that an independent audit be carried out to check all weaknesses are covered and that there are no new vulnerabilities. Even after hardening most servers are still vulnerable, therefore it is unwise to rely entirely on Intrusion Detection Systems and firewalls. Indeed, over-reliance on this technology can lead to a false sense of security.
Do you hold business-critical information? Deliberate attacks and hacking cost businesses worldwide billions of pounds each year. Without adequate IT Security you could still be vulnerable to these attacks. A Penetration Test will seek out and highlight any weak spots, enabling their elimination.
CE Ltd has over a decade of experience within the IT channel and our consultants have had many years applying their practical experience and knowledge. We carry out thorough Penetration Testing with a planned and methodical approach. There is no known issue that we cannot address, whether it is multiple Operating Systems, different network types, multiple Database types or complicated applications. Our consultants’ knowledge spans the entire range of expertise required to carry out any penetration audit. Vulnerabilities are identified, but never exploited. CE Ltd consultants do not hack into any systems and client data is never modified. All vulnerabilities are reported to the client in an in-depth report that can often run to over 50 pages.
The Computrad Penetration Testing Service is formulated to achieve these key objectives:
- Remove the burden of maintaining a secure network from your management team
- Provide independent analysis of your network and locate vulnerabilities
- Advise on the most effective solutions to secure your network
The Penetration Testing Service will provide a comprehensive, exhaustive security audit of your organisation’s Internet connection.
The testing will apply a battery of known hacking methods to create genuine results, from simulating external hacks to your firewall, to internal attacks on your LAN, Intranet Server and public website.
The level, type of attack and frequency of testing will be tailored to the needs of your organisation.
A formal report will be compiled, usually produced within 10 days of testing. This will include:
- Business impact of vulnerabilities found
- A summary of vulnerabilities identified, ranked from highest to lowest risk
- Detailed technical explanation of vulnerabilities found with recommended fixes
- Complete list of tests performed
In addition, a debriefing session of up to one hour can be conducted by telephone, discussing the test report and offering further explanation.
Before testing can begin, the customer must complete and sign a technical detail form listing the IP address range to be scanned. This will also indicate the date and time the testing is to be performed.
Some or all of the following tests may be performed:
| Category | Tests |
|---|---|
| LDAP | LDAP config, LDAP null base |
| SNMP | Disable Authentication Traps, Cisco pingball |
| File Grabbing | NIS/TFTP/REXEC/RLOGIN/RSH/TELNET exploits |
| DCOM | DCOM Default Access |
| D.O.S. | SYN Flood, LAND, Ping of Death |
| | POP3, SMTP, IMAP, Sendmail, Qmail, Exchange |
| Firewall | Socks, Proxy server configuration checks |
| FTP | Bounce Attack, ftpd core dump |
| NFS | NFS UID Vulnerability, NFS Writable |
| NT | Groups, Networking, Services, Registry |
| NetBios | All Access NetBIOS Share Everyone |
| Router | Cisco, Ascend vulnerabilities |
| IP Spoofing | ICMP Redirect, TCP Sequence Prediction |
| RPC | RPC Statd file creation and removal bug |
| Trojan Horse | Back Orifice, Netbus, Portd |
| X-Windows | X Check allows keystroke capturing |
| Web Server | HTTP, CGI, MS IIS vulnerabilities |
| Misc | Samba, Sshd, Java, ActiveX vulnerabilities |