 |
|
|
Intrusion
Testing |
Our team
of intrusion specialists takes a snapshot
of your security using the same techniques
and tools as those that are typically
used in intruder attacks.
The main points of focus in these tests
are the threats and security holes that
jeopardize your information systems,
both from a technical standpoint (design,
installation) and from an organizational
standpoint (personnel responsiveness).
These tests are ideal for evaluating
the possibility of penetrating your
systems and compromising your security
procedures, and they are also suitable
for educating technical and non-technical
personnel with respect to security factors.
| Benefits |
|
|
|
•
|
Tests
the response time of your supervisory
staff to intrusion attempts |
|
|
|
|
•
|
Identifies
exploitable security holes in
your computing environment |
|
|
|
|
•
|
Informs
your organization's senior executives
of the real security holes that
threaten your information systems |
Characteristics
Intrusion tests should not be performed
only using automated tools. Most of
these tools focus on known network,
operating system, and application security
holes. Custom Web applications often
contain security holes that provide
direct access to your critical data.
Finding these vulnerabilites calls for
more advanced application testing.
| In
general, our intrusion tests include: |
|
|
|
•
|
data
collection: whois, DNS (A, MX,
NS records, zone transfers), traceroute,
search engines (email addresses,
Web addresses, newsgroups), portscan
(nmap), OS detection, software
version detection (banners, sendmail,
etc.); |
|
|
|
|
•
|
non-aggressive
manual and automatic tests; |
|
|
|
|
•
|
scans
for potential security holes,
and attempts to exploit them. |
| Other
possible tests include: |
|
|
|
•
|
denial
of service (DOS) attacks; |
|
|
|
|
•
|
modem
detection; |
|
|
|
|
•
|
detection
of unauthorized wireless connections; |
|
|
|
|
•
|
etc. |
Our findings are thoroughly documented
in a report that details the methods
used and the results of our attempted
attacks. A final section contains recommendations,
which are organized by priority and
constraints, and are also presented
in the form of action sheets for each
required task. |
|
|
|
|
|
|
 |
|
