Penetration Test (VA/PT)
Criminal hackers try to gain access to corporate data for various reasons. Organizations protect against this with a number of security products like antivirus, firewall, intrusion prevention, network access control etc. But how safe are these products against hackers/malware? Our penetration test answers exactly this question. We simulate hacker attack on the client’s network. Using a combination of popular tools, proprietary scripts, and manual testing, we do our best to penetrate the network in a non-harmful way. After the attack, we point out all the flaws in the client’s defenses and help the client to improve infrastructure, configuration and processes as needed to permanently improve security.
Security Audit mimics the actions of an actual attacker exploiting weaknesses in network security without the usual dangers. This audit examines internal and external IT systems for any weakness that could be used to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organization to address each weakness. For internal vulnerability assessments, risk analysis within the company behind the classic firewall structures takes place. All IT components, including distributed network structures, VPN and MPLS are subjected to a detailed analysis. During external security audits our auditors identify existing vulnerabilities with public IPs, Firewalls and DMZ which could be exploited by hackers. External risk analysis usually begins with a detailed reconnaissance phase.
Following components are analyzed during internal security audit:
- Network structure (wired, wireless, VPN, MPLS)
- Network Access Control
- Man-in-the-middle attacks
- Password Strength
- Authentication
- Checking for default or weak passwords of IT structures
- Brute-force attacks
- Checking local administration accounts and local user accounts for users rights
Services, system rights, active services - Configuration errors
- Vulnerability analysis of operating systems and patch levels used
- Vulnerability analysis of the application server and identified applications
- Analysis of virtual structures, access and authorization system for virtual environments
- Access protection on critical IT areas
- War-dialing
- War-driving
- Verification of the protection components (firewall, packet filtering, IPS, …)
- Penetration tests on the identified weaknesses