What is a Penetration Test?:
The authorized, scheduled and systematic process of using known vulnerabilities in an attempt to perform an intrusion into host, network or application resources. The pen test can be conducted on internal (a building access or host security system) or external (where we connect from the outside via the internet) resources.

What is not a Penetration Test?:
A pen test is not an uncoordinated attempt to access an unauthorized resource. The event must be coordinated and scheduled with support staff. At minimum, some of these tests will log alerts in an Intrusion Detection system. Additionally, some tests have the ability to cause a decrease in network speeds and performance. For that reason, management and staff awareness is required in most cases. The exception to complete notification could be a pen test intended to test the Intrusion Detection system and staff response.

Why Perform a Pen Test?:
If a vulnerability is utilized by an unauthorized individual to access company resources, those resources can be compromised. The objective of a penetration test is to address vulnerabilities before they can be utilized. A pen test is a point-in-time test, so we suggest having a test performed as often as possible. (Automated penetration tests can be set up on a weekly, monthly or quarterly basis at your request.)

What should be tested?:
Core systems offered by a company should always be tested. These include Mail, DNS, firewalls, passwords, FTP, IIS, and Web Servers. Companies should also test other potential methods for accessing the computing and network resources and/or obtaining information. These include physical access to the computing network and backup areas, in addition to social engineering access attempts. These are not included in the Marvin Penetration Test but are available through our IT Audit Services.

Tools usually used in a Penetration Test:
Nessus, John the Ripper, NAT, L0phtCrack, QUALYS, Whois, NsLookup, Ping, Telnet, Traceroute