Network SecurityDionach provide external and internal security assurance through skilled external and internal penetration testing, and an on-site security audit of key network assets. Security vulnerability assessment and penetration testing is a key requirement in determining whether security policies are effective.
Penetration testing is carried out in an environment any potential hacker would be faced with and our highly skilled consultants will use manual methods as well as commercial and non-commercial tools to carry out a full security vulnerability assessment.
As the number of applications and networks in use today continues to rise, penetration testing on external networks, web applications, internal networks, 802.11 wireless networks, VoIP and modem sweeping (war dialling) has never been more vital.
Regular testing and auditing will give confidence to management as well as customers who are more aware than ever before of the potential threat of online information theft. Testing is also required for compliance to financial regulations such as Sarbanes-Oxley, compliance to PCI DSS for online payments, and standards such as ISO 27001.
External network penetration tests are key in determining the risk to your organisation from external threats.
Read more on network penetration testing.
A security audit examines the effectiveness of an organization’s security infrastructure and security policies relating to hardware, software and users from a technical viewpoint.
Read more on network security auditing.
An internal penetration test is an attempt to gain access to internal systems from either the perspective of an attacker who has internal access or an employee with low access privileges. Often deemed low risk by management, internal security risks can often pose a substantial risk.
Read more on internal penetration testing.
War driving has been popular among hackers for years, as many wireless networks using WiFi (the IEEE 802.11 standard) are easy to setup and use without any encryption. The first encryption method used (WEP) is now considered very weak however is still widely used.
During a wireless LAN test, Dionach will attempt to map, identify and gain access to any target wireless LANs discovered at the physical site being tested.
The report will provide an executive summary section with a non-technical explanation of the impacts and likelihoods of the more serious issues, as well as a more in-depth technical section.
VoIP is the communication medium of the future although VoIP security is a vital element of any system. There are many potential issues to consider include eavesdropping, the use of sniffing tools, attackers being able to make free calls, and VoIP opening perimeter holes in an otherwise well protected network.
IP Phones, the VoIP Gateway and PC software based phones are key components in any VoIP system and need to be secured and encrypted for minimum leakage.
Dionach will attempt to exploit VoIP security issues on site and externally where possible during a VoIP penetration test.
The report will provide an executive summary section with a non-technical explanation of the impacts and likelihoods of the more serious issues, as well as a more in-depth technical section.
