Print Friendly

Penetration & Vulnerability Testing

SystemExperts regularly performs external and internal penetration and vulnerability type testing projects.  For each of the scenarios described below, our reports focus on concrete and practical measures you can take to address any deficiencies we might find.  The goal of any of these tests is to determine if any vulnerable resources are exposed on the network that might allow a resolute attacker to access resources or systems.

SystemExperts never outsources nor subcontracts this work.  We never use hackers, and we never leave systems in a less secure state than when we found them (no back doors) – many other firms cannot say the same.  When performing our penetration and vulnerability testing projects we only perform work on the hosts and services that were previously agreed to.

Sometimes, customers have unique circumstances that need to be exercised as part of a penetration or vulnerability testing project such as performing a denial-of-service against a certain host or service or performing a social engineering exercise to see if their employees are following standard operating procedures for physical access or giving out information.  Those types of activities are not part of our default testing methodology but we can perform those projects after negotiating well-understood conditions and restrictions.

We never, however, test against any IP address not associated with the target environment that you do not own or manage.

seInternetExp

Some of the penetration and vulnerability testing scenarios we frequently perform include:

External Vulnerability Assessment

Also known as Internet Exposure Profile (IEP), Tiger Team Attack, or White Hat Penetration Testing.

As a skillful outsider on the Internet, we focus on vulnerabilities related to TCP/IP protocols and services.  We specifically look for problems in your DMZ or firewall setup, the configuration of your systems, and unauthorized access to resources in your environment.  An inventory scan is performed on each of the IP addresses looking for open ports, protocols, or services.  Once that inventory list is created, we will attempt to uncover and identify vulnerabilities that leave you susceptible to exploits by a malicious user.

Typically, at a protocol level we check TCP, UDP, IP, IPSec, PPTP, SNMP, SMTP, LDAP, HTTP, SMB, RDP, SSL, and RPC.  Similarly, at a service level, we check VNC, Terminal Services, FTP, TFTP, TELNET, NFS, SSH, NEWS, NTP, DNS, Microsoft File Sharing, and WWW.

The analysis is performed using a combination of industry approved assessment tools, Open Source applications, and custom tools to analyze the environment and identify likely exposures.

Contact SystemExperts to learn more about our penetration and vulnerability testing services.

Internal Vulnerability Assessment

The Internal Vulnerability Assessment (IVA) is like the External Vulnerability Assessment (or IEP as we call it) except the testing is peformed against your internal network.   That is, we focus on vulnerabilities related to TCP/IP protocols and services.  An inventory scan is performed on each of the IP addresses looking for open ports and protocols.  Once that inventory list is created, we will attempt to uncover and identify vulnerabilities that leave you susceptible to exploits by a malicious user.

Typically, at a protocol level we check TCP, UDP, IP, IPSec, PPTP, SNMP, SMTP, LDAP, HTTP, SMB, RDP, SSL, and RPC.  Similarly, at a service level, we check VNC, Terminal Services, FTP, TFTP, TELNET, NFS, SSH, NEWS, NTP, DNS, Microsoft File Sharing, and WWW.

The analysis is performed using a combination of industry approved assessment tools, Open Source applications, and custom tools to analyze the environment and identify likely exposures.

Contact SystemExperts to learn more about our penetration and vulnerability testing services.

Penetration Test

Similar to the External or Internal Vulnerability Assessments, we focus on vulnerabilities related to TCP/IP protocols and services.  An inventory scan is performed on each of the IP addresses looking for open ports and protocols.  Once that inventory list is created, we will attempt to uncover and identify vulnerabilities that leave you susceptible to exploits by a malicious user.

For the Penetration Test, most of the work performed is focused on attempting to actually exploit the exposures identified and attempt to gain administrative privileges on systems or see if we can reach sensitive, private or confidential data.

However, the consultant will not attempt exploits that may negatively impact the production environment.  The objective of this test is to penetrate with the intent of gaining access to sensitive information and critical services or systems.

Contact SystemExperts to learn more about our penetration and vulnerability testing services.

IP Services Inventory

Large organizations often lose track of the IP-based services they have exported to the network.  Periodic scanning of their address space enables them to better manage their exposure by eliminating unnecessary security vulnerabilities.

SystemExperts will scan your IP address space for IP-based services.  For each IP address scanned, SystemExperts will look for service availability on well-known TCP and UDP ports and we will categorize whether service availability is either open (reachable) or closed (not reachable).   The deliverable is a table containing the IP Services Inventory.

Some of our clients stop at this point and remove any unexpected/unnecessary services that we found.  Others prefer more closure. After remedying the problems, they provide us with a re-scan list.   SystemExperts then re-scans the IP addresses in the list and updates the IP Services Inventory table to reflect any changes.

Contact SystemExperts to learn more about our penetration and vulnerability testing services.

Firewall Review

Firewall rules tend to grow by accretion; changes to the rules are made to support the evolving needs of the business and they tend to accumulate over time.  Too often:

  • The rule set grows too large to be readily understood.
  • Later rules contradict earlier rules.
  • A particular business need that required a specific opening in the firewall, no longer exists but the opening remains as a historical artifact.

SystemExperts will work with you to document how the firewall should function and review the configuration to determine if it is consistent with the expected behavior.

Contact SystemExperts to learn more about our penetration and vulnerability testing services.

Learn more about External Vulnerability Assessment, Internal Vulnerability Assessment, Penetration Test, IP Services Inventory, or Firewall Review

Contact SystemExperts to learn more about our penetration and vulnerability testing services.