
Penetration Testing – Your network isn’t secure just because you have a Firewall.

All systems are vulnerable, even those protected by a Firewall and Intrusion Detection Systems. The firewall protects your internal network but has to allow authorised incoming traffic into specific parts of the network to enable web browsing and email. These externally accessible machines are very vulnerable to malicious attacks.

After hardening the accessible servers, it is essential that an independent audit be carried out to check that all weaknesses are covered and that there are no new vulnerabilities. Even after hardening, most servers are still vulnerable, so it is unwise to rely entirely on Intrusion Detection Systems and firewalls. Indeed, over-reliance on this technology can lead to a false sense of security.

Do you hold business-critical information? Deliberate attacks and hacking cost businesses worldwide billions of pounds each year. Without adequate IT Security you could still be vulnerable to these attacks. A Penetration Test will seek out and highlight any weak spots, enabling their elimination.

CE Ltd has over a decade of experience within the IT channel, and our consultants have spent many years applying their practical experience and knowledge. We carry out thorough Penetration Testing with a planned and methodical approach. There is no known issue that we cannot address, whether it is multiple Operating Systems, different network types, multiple Database types or complicated applications. Our consultants’ knowledge spans the entire range of expertise required to carry out any penetration audit. Vulnerabilities are identified but never exploited; CE Ltd consultants do not “hack-in” to any systems and client data is never modified. All vulnerabilities are reported to the client in an in-depth report that can often run to over 50 pages.

The Computrad Penetration Testing Service is formulated to achieve these key objectives:

  • Remove the burden of maintaining a secure network from your management team
  • Provide independent analysis of your network and locate vulnerabilities
  • Advise on the most effective solutions to secure your network

The Penetration Testing Service will provide a comprehensive, exhaustive security audit of your organisation’s Internet connection.

The testing will apply a battery of known hacking methods to create genuine results, from simulating external hacks to your firewall, to internal attacks on your LAN, Intranet Server and public website.

The level, type of attack and frequency of testing will be tailored to the needs of your organisation.

Reports

A formal report will be compiled, usually produced within 10 days of testing. This will include:

  • Business impact of vulnerabilities found
  • A summary of vulnerabilities identified, ranked from highest to lowest risk
  • Detailed technical explanation of vulnerabilities found with recommended fixes
  • Complete list of tests performed

In addition, a debriefing session of up to one hour can be conducted by telephone, discussing the test report and offering further explanation.

Test Precautions

Before testing can begin, the customer must complete and sign a technical detail form listing the IP address range to be scanned. This will also indicate the date and time the testing is to be performed.

Some or all of the following tests may be performed:

| Category | Tests |
|---|---|
| LDAP | LDAP config, LDAP null base |
| SNMP | Disable Authentication Traps, Cisco pingball |
| File Grabbing | NIS/TFTP/REXEC/RLOGIN/RSH/TELNET exploits |
| DCOM | DCOM Default Access |
| D.o.S. | SYN Flood, LAND, Ping of Death |
| E-Mail | POP3, SMTP, IMAP, Sendmail, Qmail, Exchange |
| Firewall | Socks, Proxy server configuration checks |
| FTP | Bounce Attack, ftpd core dump |
| NFS | NFS UID Vulnerability, NFS Writable |
| NT | Groups, Networking, Services, Registry |
| NetBios | All Access NetBIOS Share – Everyone |
| Router | CISCO, Ascend vulnerabilities |
| IP Spoofing | ICMP Redirect, TCP Sequence Prediction |
| RPC | RPC Statd file creation and removal bug |
| Trojan Horse | Back Orifice, Netbus, Portd |
| X-Windows | X Check allows keystroke capturing |
| Web Server | HTTP, CGI, MS IIS vulnerabilities |
| Misc | Samba, Sshd, Java, ActiveX vulnerabilities |
