Finding vulnerabilities in your own systems before somebody else does it is an important process for your own infrastructure security. A Network Penetration Test has the purpose of identifying the vulnerabilities, focusing on the major impact areas for the business.
A Network Penetration Test is oriented to the evaluation of network and systems security and configurations. It can be executed from the inside (Internal PT), from the outside (External PT) and with different levels of knowledge and access to the client's infrastructure and resources (Black Box, Grey Box e White Box).
So it's possible to simulate different sets of attacks. A Black Box external PT, for instance, aims to identify which damage can be caused by a casual attacker external from the organization, whereas a Grey Box Internal PT simulates an ill-intentioned employee.
ISGroup ISGroup is the ideal provider for your Network Penetration Test needs and acts with seriousness according to internationally recognized standards at the highest quality levels thanks to a steady commitment in the research area. Contact us to request a personalized preventivo.
Electronic trading, on-line B2B (Business-to-Business) and global connectivity, fundamental components of any successful business strategies, require that corporates adopt security processes and practices.
Most companies operate diligently in order to maintain an efficient and effective security policy that implements the most recent products and services to prevent frauds, vandalism, sabotage and DoS (Denial of Service).
Despite this fact, several companies don't put the right emphasis to a key ingredient for the success of a security policy: to verify that networks and security systems function as planned.
Network Penetration Test activities, using tools and methods to scan the network infrastructure in search of vulnerabilities, helps putting the finishing touches to a corporate security policy, identifying vulnerabilities and assuring that the security implementation really provides the protection that the company demands and needs.
Performing regularly Penetration Test helps companies to discover their network security weak points, that may lead to compromised or destroyed data and equipment by Exploit, Virus, Trojan, Denial of Services attacks and other intrusions. The analysis can exhibit other vulnerabilities that can be introduced from patch and updates or from errors on Server, Router and Firewall.
Network Penetration Test briefly:
The Network Penetration Test service is performed by skilled professionals according to internationally recognized methodologies, such as OSSTMM (Open Source Security Testing Methodology Manual, an Open Source guideline for the execution of security tests for infrastructures and cyber assets), suitable for the client's specific needs and for the attack area.
Each ISGroup service is personalized according to client's needs and can be integrated with our other services and products. A NPT can focus on purely technical items but can even be extended to people, processes (Social Engineering) and physical security aspects. The client will decide which are the most important aspects of the activity and where to direct the effort of the attack team.
All the most critical tasks and techniques are conducted by senior researchers to guarantee the maximum professionalism, so that there will be no damages neither to the infrastructure nor to the data.
Testing activity results are summarized and presented in the Report, a simple and detailed document formed by three main sections.
From the outside (External PT) or the inside (Internal PT) of the network and with the desired level of information chosen by the client (Black Box, Grey Box and White Box) to simulate different attack scenarios.
ISGroup performs its own tests according to the following operational modalities:
Internal PT
Tests are performed within the business network.
External PT
Tests are performed externally from the business network.
Moreover, it is possible to diversify between Black Box, Grey Box and White Box testing, according to the information provided on the systems that we have to attack. Here are some examples and sets:
External PT Black Box
It simulates a casual or external attacker (such as a dishonest competitor) without access to specific information and access credentials to the company.
Internal PT Black Box
It simulates an attacker that has physical access (such as an external consultant o a visitor in a meeting room) or a remote one (such as a jeopardized secretary's computer) to the business network.
External PT White Box
It tries to undermine externally exposed components in order to understand which level of access an attacker can obtain to the other corporate assets.
Internal PT Black Box
It simulates an attacker that has physical access (such as an external consultant o a visitor in a meeting room) or a remote one (such as a jeopardized secretary's computer) to the business network.
Wireless Penetration Test
It tries to undermine the wireless infrastructure. It simulates an attacker that is physically close to a company's building where a wireless network is installed.
Social Engineering
Instead of attacking the sole technical aspects, the human component is attacked with manipulation techniques. We try to induce people to take actions or to reveal information.
The Report is a simple and detailed document that summarizes the results of the activity and it is divided in three different areas, as described previously:
Executive Summary
It is placed at the beginning of the Report and it is no longer than one page. It consists in a non-technical overview, destined to Management.
Vulnerability Details
It consists in a technical part describing the discovered vulnerabilities and their impact in detail. It is dedicated to the Security Manager.
Remediation Plan
A technical section with detailed and precise instructions on how to resolve the identified problems. Dedicated to the System Administrator.
Working with us is pretty simple, just call the number (+39) 045 4853232 or send an e-mail so that we can get to know each other and discuss about your IT Security needs.
Request a quotation for