Vulnerability Assessments & Penetration Testing

Firewall Vulnerability Assessment

This service reviews policies on a rule-by-rule basis. Each rule receives a risk exposure score based on an algorithm applied to rule fields such as the zone, source, destination and service fields. Rules with a score above an acceptable threshold are identified as security risks for further scrutiny. A vulnerability (or security) assessment focuses on finding security holes, which may or may not be used to get in or steal data. Assessments are broader, and often include explicit policy and procedure review.
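The rule-by-rule scoring described above can be sketched as follows. This is an added example, not the service's own algorithm: the weights, zone names, threshold and sample policy are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed weights and threshold; the page does not publish its algorithm.
SERVICE_RISK = {"any": 10, "tcp/23": 8, "tcp/3389": 7, "tcp/445": 7, "tcp/22": 4}
ZONE_TRUST = {"untrust": 0, "dmz": 1, "trust": 2}
THRESHOLD = 20

def breadth(field):
    """Score 0-10 for how much IPv4 space a source/destination field covers."""
    net = ipaddress.ip_network("0.0.0.0/0" if field == "any" else field, strict=False)
    return round(10 * (32 - net.prefixlen) / 32, 1)

def zone_exposure(src_zone, dst_zone):
    """Traffic from a less trusted zone into a more trusted one scores higher."""
    return 5 * max(0, ZONE_TRUST[dst_zone] - ZONE_TRUST[src_zone])

def score_rule(rule):
    """Risk exposure score for one rule; only allow rules expose anything."""
    if rule["action"] != "allow":
        return 0.0
    return (breadth(rule["source"]) + breadth(rule["destination"])
            + SERVICE_RISK.get(rule["service"], 1)  # unlisted services score 1
            + zone_exposure(rule["src_zone"], rule["dst_zone"]))

def review_policy(rules, threshold=THRESHOLD):
    """Return (name, score) for rules above the threshold, riskiest first."""
    scored = [(r["name"], score_rule(r)) for r in rules]
    return sorted((s for s in scored if s[1] > threshold), key=lambda s: -s[1])

# Constructed sample policy (documentation and private address ranges only).
POLICY = [
    {"name": "web-in", "src_zone": "untrust", "dst_zone": "dmz", "source": "any",
     "destination": "203.0.113.10/32", "service": "tcp/443", "action": "allow"},
    {"name": "rdp-in", "src_zone": "untrust", "dst_zone": "trust", "source": "any",
     "destination": "10.0.0.0/8", "service": "tcp/3389", "action": "allow"},
    {"name": "legacy-any-any", "src_zone": "trust", "dst_zone": "dmz", "source": "any",
     "destination": "any", "service": "any", "action": "allow"},
    {"name": "admin-ssh", "src_zone": "trust", "dst_zone": "dmz", "source": "10.1.2.0/24",
     "destination": "192.0.2.5/32", "service": "tcp/22", "action": "allow"},
    {"name": "deny-all", "src_zone": "untrust", "dst_zone": "trust", "source": "any",
     "destination": "any", "service": "any", "action": "deny"},
]

if __name__ == "__main__":
    for name, score in review_policy(POLICY):
        print(f"{name}: score {score} exceeds threshold {THRESHOLD}")
```

Rules that come back from review_policy are the ones to examine by hand; the scores only rank rules against each other and are not an absolute measure of risk.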

Penetration Test

A penetration test is focused on finding security vulnerabilities in a target environment that could let an attacker penetrate the network or computer systems, or steal information.

  • Using tools and techniques very similar to those employed by criminals
  • To prevent a thief, you may need to think like a thief
  • The goal is actual penetration - compromising target systems and getting access to information

Types of Ethical Hacking and Penetration Tests

  • Network services test
  • Remote, across the Internet
  • Local, from the target facilities
  • Web application test
  • Remote dial-up war dial test
  • Wireless security test
  • Social engineering test

Why do a Pen Test?

  • To test things as they actually are, not as they are intended to be
  • It is deeper than most audits
  • Helps determine risk levels better than typical technology reviews
  • Pen testing and ethical hacking help to find mistakes that other approaches miss
  • Identifies unknown problems with configuration or architecture that might be overlooked in a review