PENETRATION TESTS
One of the most popular methods of information security audit is the penetration test (also known as the 'pentest' or 'controlled IS breach'). This is a controlled attempt to 'crack' the security system of a client's network, where the auditor acts from the position of a potential attacker trying to exploit vulnerabilities in the client's data protection system.
A penetration test consists of two parts: the breach or attack on a network’s DMZ, firewall, proxy servers, etc. (external test) and the breach or attack on a network’s database, web hosting servers, etc. (internal test). An all-out attempt to covertly gain access to a company’s critical control systems, using both cyber and physical means, is called a Black Box Test. Internal testing may be performed via the tester’s computer or a standard workstation of the client.
The penetration test methods may include software tools, manual analysis and social engineering methods. The goal is to evaluate the security awareness level of the client's employees. Employing the same social engineering methods that hackers would use against the client’s organization, the testers try to gain access to the information system and study how the system’s users and security administrators react to the penetration attempt. End users of the information system are often exposed to attacks by cybercriminals, and in the case of a successful attack the attacker gains access to the client’s workstations and confidential data, and can use the client’s computing resources as a springboard for attacks on other organizations and for other malicious actions, such as spam.
On the basis of the penetration test results, BLACKHAT Solutions' experts will develop a Security Awareness Plan to provide recommendations on mitigation and remediation of identified problems. Our clients have the option of the STAGE 2 service to evaluate the efficiency of their current Security Awareness Plan.