A penetration test subjects a system to real-world attacks selected and conducted by our security staff. The benefit of a penetration test is to identify the extent to which a system can be compromised before an actual determined attack. Our test results will either show you where you need to enhance your security, or let you know that you can sleep better at night. Only a real penetration test can simulate what would happen if a determined hacker were to attack your organization.
Adept offers two discrete types of Penetration Testing
Adept's penetration tests can be used to ratify your security and network infrastructure. They will highlight areas of misconfiguration, information leakage, poor patching and poor application/server coding. Instead of presenting a report that simply details your vulnerabilities, Adept will pay particular attention to how you can improve your infrastructure and become more secure moving forward. Adept aims to help organizations fix their security vulnerabilities today, and deploy more secure network- and server-based solutions for the future.
External Penetration Testing. Conducted on your Internet Infrastructure
Adept ISM’s Penetration testing covers the following areas
Internal Penetration Testing. Conducted on your internal network & server environment
Intranet Security Testing
While outside threats must be guarded against, businesses must also protect against potential threats from within their own networks. Using many of the same techniques and procedures as for Internet Security Testing, Adept ISM provides Intranet risk assessment and analysis to protect against the potential threat posed by insiders.
Dial-in RAS Security Testing
Dial-in links pose a potential threat to the integrity of the network security system. Mitnick Security Consulting examines dial-up connections that allow employees to access the network through public telephone lines or other dial-up connections.
Web Application Assessment
This assessment examines the services offered on Web-based portals and e-commerce applications to identify potential vulnerabilities with respect to authentication, authorization, data integrity, data confidentiality, and consumer privacy concerns.
Wireless networks, while highly convenient, present additional security threats since the wireless signals are not limited by the physical boundaries of a traditional network.
Social Engineering Assessments
Social engineering involves manipulating and/or deceiving company employees and other human resources to gain unauthorized access to a network or to confidential information. Adept ISM is the premier consulting firm in its ability to identify weak links in the security chain through exploitation of human vulnerabilities.
Client lists, credit card records, and other confidential information held in databases must be given particular protection from unauthorized disclosure. Adept ISM tests database integrity to determine whether any vulnerability may compromise this sensitive information.
Adept ISM's Penetration Tests follow a blackhat approach to vulnerability assessment. Our consultants will perform analysis of your infrastructure without being given any prior information about the types of devices or services that you operate. This simulates what a true intruder would be able to find out about your networked infrastructure. Although we can conduct Denial of Service attacks on your infrastructure, our testing attempts to be non-obtrusive. Unless we are expressly asked to conduct DoS attacks, Adept will try to ensure that there is no loss of service to the infrastructure we are testing.
1. External Penetration Testing
Most organizations now have connectivity to the Internet, utilizing fixed link or dial-up connectivity. In an attempt to prevent unauthorized users from accessing corporate resources, many of these organizations have implemented bastion level Firewalling. Unfortunately, this is often all that is implemented, and it is often installed or set up by a third party that does not keep it up to date or monitor it to assess any of the data that it blocks. As a consequence, an infrastructure that was installed one month can be out of date 6 months later. Internet Security is more than just Firewalling. Infrastructure Security is about the configuration and user accounts that sit on machines, about ISP routers, Host and Network based Intrusion Detection Systems, information leakage and honey pot decoys. Similarly, it is about removing unnecessary services that run on machines whilst also maintaining the latest security fixes and service packs.
Adept offers a series of Internet Services that can assist an organization in deploying a secure Internet infrastructure that is kept up to date and well maintained. As part of this portfolio of services, Adept is able to offer a full Penetration Test to identify all areas of concern. This test uses ethical hacking techniques to identify areas of weakness and can demonstrate how far into an organization’s infrastructure an attacker could traverse. The penetration test can identify poorly configured Routers, Firewalls, and Internet Facing Web Servers and can be used to attempt to gain access to internal resources through these staging devices.
Adept recommends that organizations should consider carrying out a penetration test on a bi-annual basis to identify vulnerabilities specific to their Internet presence and identify any new threats that might be unearthed in their existing code.
2. Internal Penetration Testing
Most organizations take Security seriously when it comes to protecting their infrastructure from the Internet. Organizations will often spend many thousands of pounds on Bastion & Stateful Inspection firewalls, as well as Internet IDS and Content Checking engines. Some more proactive organizations will have their Internet infrastructure pen-tested to sanity check their Firewalls, Servers and Applications. All of these procedures are good practice, but they don't really protect an organization from the threat within.
Adept believes that Enterprise Security is a holistic ideology. It is not about protecting an environment purely from the Internet or remote access threats, but rather about protecting all aspects of a corporation's IT infrastructure. That means deploying secure routers, switches, bridges and IPT systems. It means building secure internal & external servers as well as secure clients and workstations.
Adept provides internal vulnerability assessments and penetration tests to help organizations understand where their security issues reside. The review is designed to take a pragmatic approach to vulnerability assessment, identifying key areas where security is weak, whilst also addressing methodology to improve end-to-end security controls. This review is vendor agnostic, and requires no input from the customer. Instead, Adept ISM's consultants act as if they are an unprivileged user without any information about the company's network environment. Armed simply with a live Ethernet port, the consultant examines the entire local network infrastructure for "interesting information" and builds an overall view of the organization's internal security vulnerabilities and controls. Once this review has been conducted, a series of documents will be produced.
A penetration testing report, which details the vulnerabilities with respect to specific applications and services with qualified severity, the risks with the successful exploits & methods used, and a technical risk assessment based on severity levels of successful exploits.