
Penetration Test

A penetration test is a set of procedures designed to bypass the security controls of a system in order to test the system’s resistance to attack.

The basic stages of a test are:

Features

The penetration test can be carried out on an external network address range, an 802.11 wireless network, a range of telephone numbers for modem scanning, and web site addresses for web application testing.

This independent test is carried out either from our penetration test laboratory in Oxford, UK or on site. Our consultants share a range of specialist skills and employ both manual techniques and the use of commercial, non-commercial and in-house developed tools to ensure that the test is comprehensive. The skills and tools are continually reviewed and updated to ensure that Dionach keep on top of the ever-evolving threats.

Benefits

You will know what external services are publicly available at a point in time and you can act to remove unnecessary services. As the test is independent, it is an objective assessment of your external security, and so is more likely to identify security weaknesses than if performed by those who are responsible for the security.

The test mimics how a real intruder may attempt to compromise the system and is an offensive rather than defensive security measure, and so is the best way to determine how secure your network is in reality. The test will highlight any serious weaknesses in your network before a real hacker exploits them.

The report creates management and board awareness of security weaknesses and improvements, and can be used to justify the security budget. A follow-up test can verify the impact of a security program and justify the expense. Regular tests ensure that your network is not compromised by changes in network services and new vulnerabilities.

The test will determine your ability to detect and respond to security incidents, and so improve your detection and response effectiveness for the future. Positive results provide confidence in the security of the network infrastructure.

Report

The comprehensive report is split into two parts.

Executive Summary

This part of the report for senior management summarizes the main issues and provides recommendations in a non-technical way.

Technical Test Report

This is a detailed description of all issues highlighted by the penetration test, their possible ramifications, and recommendations to rectify them. The issues are listed in relevant categories, with potential dangers scaled by urgency, from severe threats to general observations.

Timescales

Testing is typically carried out on a quarterly, six-monthly or annual basis. A test usually takes two weeks to carry out.


Please contact a business development consultant to discuss any of our services.