Penetration Testing


The importance of a penetration test (“Pen Test”)

Penetration testing helps answer the question, “how effective are my computers, network, people, and physical security at deterring a highly motivated and skilled hacker?”  A Pen Test is a simulated cyber attack that offers unparalleled insight into an organization’s data security effectiveness.  During the test, security vulnerabilities are identified and attempts are made to compromise systems and gain unauthorized access to data.  At the conclusion of the test, TCDI provides a written report summarizing the vulnerabilities identified, threat level, and suggested remediation steps.

Penetration testing services

Penetration testing services are highly customizable and can focus on one or several areas. The four main categories of tests available are the internal pen test, external pen test, wireless pen test, and social engineering.

  • Internal Pen Test: Analyzes an attack from inside the firewall by an authorized user or hacker who has gained access to the network.
  • External Pen Test: Addresses the ability of a hacker to gain access to the internal network from outside the firewall.
  • Wireless Pen Test: Reveals vulnerabilities on your wireless network that may allow unauthorized access to data and systems.
  • Social Engineering: Tests how well your “human network” defends against attacks such as phishing scams and unauthorized physical access.

Pen testing process

Our goal is to identify systems that exhibit known vulnerabilities, weak configurations, or out-of-date software, and to measure the impact of those vulnerabilities on the network as a whole. We begin our testing with automated vulnerability scanning tools, which allow us to identify common weaknesses quickly. From there, our engineers endeavor to go beyond what automated tools can discover. We routinely write custom attack programs or modify existing techniques to take advantage of security conditions that are unique to a given customer environment. We apply logic and human understanding to the data that is collected. Our goal is not merely to issue a list of the known vulnerabilities present on the network; instead, we aim to offer insight into the degree of risk posed by a patient and skilled intruder.

We use commercial tools, open source tools, custom tools, and, more importantly, manual testing to reduce false-positive vulnerability and exploit reports. We are firm believers that no single tool can find everything, so we use multiple techniques to report on real vulnerabilities and exploits. We are meticulous in our testing and take great care not to disturb the networks we assess. We schedule potentially disruptive vulnerability testing at designated times so that we do not cause a service interruption to network users.

Once the scans are complete, our team spends time reviewing the data as a whole. We pride ourselves on providing a holistic approach to security, whereas the data that our engineers collect arrives as discrete, separate units. The review allows TCDI to comb through the combined scan results, looking for subtle relationships between hosts that might otherwise have been overlooked.

At the conclusion of the penetration test, a detailed report summarizing the project is provided as the deliverable.  The report contains several elements, including an executive summary, project methodology, systems tested, detailed summary of findings, risk overview, and recommendations.  The end result of the test is either confirmation that systems are effectively secured or the identification of vulnerabilities that require remediation efforts.

Conclusion

Penetration tests offer unparalleled insight into an organization’s security effectiveness as well as a road map for enhancing security.  By hiring experts to simulate a cyber attack, vulnerabilities can be identified and corrected before they are exploited by a hacker or malicious insider.

To request a quote for penetration testing services, please click here or call 1-877-840-4357.