Find vulnerabilities in your network before hackers do
The primary objective of a network penetration test is to identify exploitable vulnerabilities in networks, systems, hosts and network devices (i.e. routers, switches) before hackers are able to discover and exploit them.
Network penetration testing reveals real-world opportunities for hackers to compromise systems and networks in ways that allow unauthorised access to sensitive data or even system take-overs for malicious purposes.
This type of assessment is an attack simulation carried out by our highly trained security consultants in an effort to:
- Identify security flaws present in the environment
- Understand the level of risk for your organisation
- Help address and fix identified network security flaws
Our penetration testers also have experience in supporting networks, systems and hosts — not just in trying to break them. They leverage this experience to zero in on critical issues and provide actionable remediation guidance.
As a result of our penetration tests, you’ll be able to view your systems through the eyes of both a hacker and an experienced network security professional to discover where you can improve your security posture. Our consultants gather findings in written reports and provide your team with the guidance necessary to effectively remediate any issues we uncover.
Every network penetration test is conducted using globally accepted, industry-standard frameworks. At a minimum, the underlying framework is based on the Penetration Testing Execution Standard (PTES) but goes beyond the initial framework itself.
The information-gathering phase consists of service enumeration, network mapping, banner reconnaissance and more. Host and service discovery efforts result in a compiled list of all accessible systems and their respective services with the goal of obtaining as much information about the systems as possible.
Host and service discovery includes initial domain footprinting, live host detection, service enumeration, and operating system and application fingerprinting. The purpose of this step is to collectively map the in-scope environment and prepare for threat identification.
With the information collected from the previous step, security testing transitions to identifying vulnerabilities within systems. This begins with automated scans, but quickly progresses to deep-dive manual testing techniques.
During the threat-modelling step, assets are identified and grouped into threat categories. These may involve sensitive documents, trade secrets and financial information, but they more commonly consist of technical information found during the previous phase.
The vulnerability analysis phase involves the documentation and evaluation of vulnerabilities discovered as a result of the previous steps. This includes the analysis of the outputs from the various security tools and manual testing techniques. At this point, a list of attractive vulnerabilities, suspicious services and items worth researching further is created for the upcoming examination. In essence, this is when we develop the plan of attack.
Unlike a vulnerability assessment, a penetration test goes a step further by way of exploitation. Exploitation involves actually attempting to exploit a vulnerability in order to ascertain whether it is truly exploitable. During our network penetration tests, this phase consists of employing heavy manual testing tactics and is often quite time-consuming.
Exploitation may include, but is not limited to, buffer overflow, SQL injection, OS commanding and more.
The reporting step is intended to deliver, rank and prioritize findings, as well as generate a clear and actionable report, complete with evidence, to the project stakeholders. The presentation of findings can occur via Webex or in-person – whichever format is more favorable for communicating results. We consider this phase to be the most important and we take great care to ensure we’ve communicated the value of our service and findings thoroughly.