Penetration & Vulnerability Testing NF

(Also known as Tiger Team Attack or White Hat Penetration Testing)

As a skillful outsider on the Internet, we focus on vulnerabilities related to TCP/IP protocols and services. We specifically look for problems in your DMZ or firewall setup, the configuration of your systems, and unauthorized access to resources in your environment. In this test scenario, we will attempt to gain administrative privileges on systems and see if we can reach data.

We can perform both Application Vulnerability Testing (AVT) and Web Application Vulnerability Testing(Web AVT) depending on your needs. Our Web Application testing assesses the platform associated with the customer’s application as a skillful attacker and documents the findings and provides recommendations. During the analysis, the consultants look to exploit deficiencies in the application or web pages themselves, to escalate privileges, access other network systems or services, or identify instances where customer-private data may be exposed.

Many organizations deploy standard builds to support key Internet accessible services or environments. These builds typically consist of class of computers, an operating system configured in a particular way, and a set of layered software products. Fully understanding the security profile of your standard platforms is critical in understanding the security profile of your enterprise.

In other cases, organizations deploy mission critical applications on a hardware and software platform outside the firm’s technical expertise. Assessing the security hardening of these critical systems makes sense.x.

Large organizations often lose track of the IP-based services they are exporting to the Internet. Periodic remote scanning of their external address space enables them to better manage their exposure by eliminating unnecessary security vulnerabilities.

SystemExperts will remotely scan your external IP address space for IP-based services accessible from the Internet. For each IP address scanned, SystemExperts will look for service availability on well-known TCP and UDP ports and we will categorize whether service availability is either open (reachable) or closed (not reachable). The deliverable is a spreadsheet containing the IP Services Inventory.

Some of our clients stop at this point and remove any unexpected/unnecessary services that we found. Others prefer more closure. After remedying the problems, they provide us with a Re-scan List. SystemExperts then remotely re-scans the IP addresses in the Re-scan List and updates the IP Services Inventory spreadsheet to reflect any changes.

Firewall rules tend to grow by accretion; changes to the rules are made to support the evolving needs of the business and they tend to accumulate over time. Too often, the rule set grows too large to be readily understood. Too often, later rules contradict earlier rules. Too often, a particular business need that required a specific opening in the firewall, no longer exists but the opening remains as a historical artifact. SystemExperts will work with you to document how the firewall should function and review the configuration to determine if the configuration is consistent with the expected behavior.

While Internet-based attacks get the headlines, hackers continue to use direct dial attack techniques to do significant damage to companies. By systematic dialing and analysis of your telephone resources, we will assess your exposure to this classic form of hacker attack