commissum's detailed penetration testing service provides both recommendations and improvements for your network
- How vulnerable are you to a dedicated, well-resourced attack by a determined hacker?
- You may have unknown and undocumented points of access to the Internet.
- A professional hacker will target specific valuable corporate assets or attempt to effect maximum public embarrassment.
- The service simulates the dedicated attacker, testing the defences at the Internet gateway and within the network.
- The service provides a report on vulnerabilities and their impact on your business.
Penetration testing issues
This service simulates the action of dedicated hackers, testing the defences at the Internet gateway and within the network. The principle is that determined attackers will devote significant effort, and use sophisticated tools and techniques to penetrate the network.
Most commercial penetration testing services scan and test your Internet point of presence, which is your public gateway to the World Wide Web. These tests are useful in that they provide a "snapshot" of your current vulnerability to basic hacker attacks. What they do not do is tell you whether you have unknown and undocumented points of access to the Internet, or how vulnerable you are to a dedicated and well-resourced attack by a determined hacker.
It is also important to check your vulnerability to a determined attack by an insider, considering that sixty to seventy percent of organisations reporting incidents have suffered internal attacks, according to reputable security surveys.
The potential impact of these security breaches is high. A professional hacker will have a specific aim, such as obtaining valuable corporate information or effecting maximum public embarrassment through website defacement, data theft, exposure of confidential information, etc.
Penetration testing approach
The approach builds on the basic point of presence penetration test, with the addition of more time spent on areas such as research, more analysis of the web server and applications, and vulnerability scanning within the network (behind the firewall). The internal network is also analysed for vulnerabilities.
The phases are as follows:
- Research: Check publicly-available information about network addresses and IT deployment that could be of use to a potential attacker.
- Enumeration: Scan by appointment with the organisation, stopping short of causing damage or disruption to systems.
- Exploitation: Identify the systems and architectural features, and analyse the potential for successful attacks on the firewall.
- Analysis and reporting: Correlate with known vulnerabilities, examine findings, inform client and reach conclusions on business impacts.
Customer benefits for penetration testing
commissum will produce a report indicating the vulnerabilities discovered and the potential impact on your business. The report will highlight the following:
- Recommendations for fixes of the vulnerabilities discovered.
- Cost-effective high-value improvements.
- Areas of risk to your business, with highlighting of their relative priority. This is detailed more comprehensively than in the basic point of presence penetration test.
To supplement the report, commissum also provide a follow-up presentation and interactive workshop. The aim is to work with the organisation to assist in the development of a realistic, focused and prioritised plan of action to address the recommendations.
"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"
Mr Duncan M, Information Security Manager - National Building Society
