Ethical Security Testing
commissum, as a fully accredited CREST company, delivers penetration testing services that include thorough assessment of network vulnerabilities and their potential exploitation. The resulting reports include executive-level summaries as well as technical recommendations for improving the security of your networks.
- How vulnerable are you to a dedicated, well-resourced attack by a determined hacker?
- How vulnerable are you to a passing hacking attempt by a "cyber-vandal"?
- You may have unknown and undocumented points of access to the Internet.
- A professional hacker will target specific valuable corporate assets or attempt to effect maximum public embarrassment.
- The service covers the broad security issues exploited by automated or low-level attacks and also simulates the dedicated attacker, testing the defences at the Internet gateway and within the network.
- The service provides a report on vulnerabilities, the risk they pose, their impact on your business, and recommendations for remedial action.
Penetration testing issues
This service simulates the action of dedicated hackers, testing the defences at the Internet gateway and within the network. The principle is that determined attackers will devote significant effort, and use sophisticated tools and techniques to penetrate the network.
Most commercial penetration testing services scan and test your Internet point of presence, which is your public gateway to the World Wide Web. These tests are useful in that they provide a "snapshot" of your current vulnerability to basic hacker attacks. What they do not tell you is whether you have unknown and undocumented points of access to the Internet, or how vulnerable you are to a dedicated and well-resourced hack by a determined hacker.
It is also important to check your vulnerability to a determined attack by an insider, considering that sixty to seventy percent of organisations reporting incidents have suffered internal attacks, according to reputable security surveys.
The potential impact of these security breaches is high. A professional hacker will have a specific aim, such as valuable corporate information, or attempting to effect maximum public embarrassment through defacing websites, data theft, confidential information exposure, etc.
Penetration testing approach
The approach builds on the basic point of presence penetration test, with the addition of more time spent on areas such as research, more analysis of the web server and applications, and vulnerability scanning within the network (behind the firewall). The internal network can also be analysed for vulnerabilities.
The phases are as follows:
- Research: Check publicly-available information about network addresses and IT deployment that could be of use to a potential attacker.
- Enumeration: Scan by appointment with the organisation, stopping short of causing damage or disruption to systems.
- Exploitation: Identify the systems and architectural features, and analyse the potential for successful attacks on the firewall.
- Analysis and reporting: Correlate with known vulnerabilities, examine findings, inform client and reach conclusions on business impacts.
Customer benefits for penetration testing
commissum will produce a report indicating the vulnerabilities discovered and the potential impact on your business. The report will highlight the following:
- An executive summary for a non-technical audience.
- Recommendations for fixes of the vulnerabilities discovered.
- Cost-effective high-value improvements.
- Areas of risk to your business, with highlighting of their relative priority.
To supplement the report, commissum is also able to provide a follow-up presentation and interactive workshop. The aim is to work with the organisation to assist in development of a realistic, focused and prioritised plan of action to address the recommendations.
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum.”
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank