Services: Network Penetration Testing & Ethical Hacking

A complete multi-layer review of each access point into the corporate network, including Internet gateways, wireless access points, business partners, dial-in modems, and more. Testing simulates real-world attacks and also includes internal reviews to ensure that secondary controls exist in the event of the failure of a perimeter control.

While some of our competitors consider port scanning and vulnerability scanning to be a penetration test (as offered in our Internet Vulnerability Assessment), we feel that penetration testing is a much more complicated task. Penetration testing can be costly, with typical engagements for organizations with relatively high network complexity in the $15k-30k range; however, for organizations with a heavy reliance on information systems, a return on investment can be easily achieved. Our penetration testing also includes one free year of quarterly vulnerability assessments.

Penetration Testing Methodology

At Magnitude CG we believe that penetration testing, also known as ethical hacking, should be completed from all key network interfaces to the outside world. These interfaces include the Internet, connections to business partners, wireless networks, connections to remote offices, and more. In addition, testing should be completed at multiple layers, such as outside the network, inside the network, within the network demilitarized zone (DMZ), and from public or contractor portions of your network.

We also prefer to use an inside-out approach to penetration testing rather than blind testing. With blind testing, we are given very little inside information about the network and perform the test under conditions similar to those faced by a small percentage of attackers. This type of review often misses security holes that would be found by attackers with unlimited time budgets and does not reflect the conditions under which the attackers you should be most worried about would be operating.

It is commonly accepted that the majority of attacks that result in loss to organizations are performed by people with inside knowledge of networks, typically disgruntled insiders or previous employees. By working with inside information, Magnitude CG is able to more closely simulate the conditions under which these attacks would operate and to focus our efforts on areas known to be higher risk instead of spending our time chasing dead ends.

Blind penetration testing identifies holes as they appear. Inside-out penetration testing allows us to address the problems that are causing the holes and can prevent new holes from ever appearing on the perimeter.