What is Penetration Testing?
Penetration Testing is the process of emulating hackers when assessing the security of target hosts and networks. Penetration Testing (PENTEST) is also known as "Ethical Hacking", due to obvious comical reasons regarding the phrase "Penetration Testing".
There is a distinct difference between Penetration Testing and Network Security Analysis or assessment. A Penetration Test will include an exploit phase with which the testing team can assess the real-world impact of a hacker compromising an e-mail or web server, attempting to circumvent security measures in place. Assessing the security of a network using various tools and/or utilities is effective to a degree, but does not always highlight risks that determined hackers will identify and exploit, especially in the case of more complex network topologies. A Penetration Test will give a client a crystal clear idea of the real-world threats that their business faces.
A Vulnerability Analysis/Assessment or Penetration Test will be the first thing an organization will look to do in order to help manage their Information Security Risk. By identifying the vulnerabilities that exist in their networks, an organization can look at deploying an Information Security solution, such as a firewall or IDS (Intrusion Detection System).
Information Security is a moving target, with hackers certainly leading the way in terms of offensive technologies that exploit vulnerabilities in systems. Following the philosophy of Vince Lombardi, legendary coach of the Green Bay Packers, many Information Technology professionals believe, "the best defense is a strong offense". Penetration Testing is the preferred preventive monitoring tool. Today, most Information Technology professionals consider PENTEST to be basic to firewall surveillance and responsible network security management. Even though it is axiomatic that no system can be 100% secure, it is equally sure that it is simply not practical to maintain network security today without some form of PENTEST.
In Penetration Testing, companies' firewalls and defenses are actually "invaded" to determine where and how they may be vulnerable to attack. In the process, companies come to realize that firewalls, while critically important, are by no means an impenetrable deterrent to invasion.
Attacks against network assets continue to rise dramatically. Sophisticated tools developed by experienced hackers are now distributed freely across the Internet. These tools allow complicated attacks to be staged by relatively inexperienced "hobbyist hackers". At the same time, the e-business revolution demands that companies continue connecting mission-critical systems to the Internet. Today's next generation approach to penetration testing can be a vitally important tool in the security arsenal for diagnosing vulnerabilities and exposures on an organization's computer systems and networks.
For further information, please call us at 512-394-1331 or e-mail us at Jharris@complianceadvisoryservices.com
The Penetration Test Team
The Team
Compliance Advisory Services has established itself as one of the leading security companies, providing services and products to a wide range of customers in both the financial institution industry and the business community.
The objective of the Penetration Test Team (PTT) is to investigate the system from the attacker's perspective. The primary aim is to identify the risk before seeking a solution.
The team has been in existence for years and consists for the most part of engineers and technicians drawn from the technical faculties of Universities and Colleges. They participate and instruct in a continuous training program throughout the year.
The Services
Drawing upon the results of the assessment, a Risk Management Program will identify those vulnerabilities that are exploitable within the current working practices. The program will report the impact of the identified risks, and make recommendations in terms of remedial action, based on the needs of business.
Penetration testing is based on the management and control methodology recommended by SANS. CAS is a specialist company, providing a comprehensive penetration test service that assesses the vulnerabilities of the system, the efficiency of management strategies, and the vigilance of the end-user.
Research into the known vulnerabilities of the current system architecture is provided in support of the PTT by engineers and technicians from Internet Security Systems' X-Force. These unsurpassed engineers and specialists are amongst the very best in Information Systems Security.
A by-product of this process is a unique and almost universal knowledge of the IT security market, the products and their flaws.
In addition, the X-Force provides research into the attack techniques used by the intruder and details of those methods that might be deployed against the customer's system.