headlines
- scan and analysis of the firewall as it presents itself to the Internet
- checks against a range of common vulnerabilities exploited by the
hacker community
- hackers using publicly available search tools and knowledge of a
limited number of exploits are able to seek out and attack vulnerable
systems
- you are exposed to threats of systems penetration, data theft, systems
corruption, or stealth activities
- report on vulnerabilities and their impact on your business
issues
The Internet point of presence test checks firewall
and web server defences against a range of common vulnerabilities exploited
by the hacker community. The majority of hackers fall into a category
known as "script kiddies". These hackers use publicly available search
tools and a limited number of exploits to seek out vulnerable systems.
Their target is not a specific company but gaining confidential or valuable
information in the easiest way possible. It is this random selection of
targets that makes this type of hacker such a dangerous threat. Everyone
on the Internet is at risk. Once such a hacker has found a point of access, or even just
recorded features of your architecture for future exploits, you are exposed
to threats of systems penetration, data theft, systems corruption, or
stealth activities. This could include the use of your network facilities
to mount email spamming, store inappropriate material, distribute viruses
or launch denial of service attacks against other targets.
approach
A scan and analysis of the firewall as it presents
itself to the Internet.
The phases are:
- research - check publicly available information about network addresses
and IT deployment that could be of use to a potential attacker
- enumeration - scan by appointment, stopping short of causing damage
or disruption to systems
- exploitation - identify the systems and architectural features and
analyse the potential for successful attacks on the firewall
- analysis/reporting - correlate with known vulnerabilities, examine
findings, inform client and reach conclusions on business impacts
customer benefits
commissum produces a report indicating the vulnerabilities discovered
and the impact on your business. The report highlights:
- vulnerabilities discovered with an indication of their relative
severity
- recommendations for fixes or mitigation action for the vulnerabilities
discovered
- cost-effective, high-value improvements
- areas that would benefit from more in-depth analysis
This service simulates the action of an "average"
hacker in scanning and testing the client's defences at the gateway to
the Internet. The principle is that the majority of hackers, "script-kiddies"
(hackers using readily available tools and lacking deep technical knowledge),
will test the client's defences but will move on to other, softer targets
if they meet resistance at the gateway. This is the minimum level of
testing that all responsible Internet-connected organisations should carry
out.
For a more comprehensive and in-depth level of testing
refer to the service sheet defining the commissum
detailed penetration test service.