Penetration Testing Network
The penetration test, also „penetration testing“, constitutes the comprehensive security audit of single systems or networks. It is designed to simulate unauthorized access of a real attacker („hacker“) to determine a system's vulnerabilities. The security check preferably includes all system components and applications of a network or software system.
Procedure of penetration testing
Classical penetration tests of networks consist of collecting data of a target network, using publicly accessible information. The preparation comprises the definition of risk scenarios, test achievements and appropriate tools. Subsequently the IT infrastructure is scanned by public and in-house tools to discover services and security flaws.
Critical results will be advised immediately to the customer to instantly remove the security gap. On request you can check particularly exposed targets of your infrastructure to secure your assets best possible.
Because one single test statues a snapshot in time, we strongly recommend periodical penetration testing. You are welcome to ask for expert consultations and gain further information.
What are we testing for?
As security experts we provide two kinds of penetration tests. On the one hand the classical attack of company networks and on the other hand a focused test on web applications. Therefore the security flaws differ. We offer the following network tests:
- Whois für die IP-Range
- Discover other zones of the provider
- DNS Analysis
- Portscan of IP-Range
- vulnerability check of detected services
- random password attack on services
- conclusive analysis of environment and rating of discovered security flaws
For further information about web application testing, click here.
Goals of the penetration test
A penetration test is supposed to identify security gaps of intra-company networks and discover potential issues. These issues may be a result of insufficient operating like misconfiguration of firewalls or a corrupt right management system. Ideally the errors will be fixed to improve the security of technical and organisational aspects.
What kind of penetration tests exist?
The penetration test can be distinguished by:
- Information basics (Black-Box or White-Box)
- Aggressiveness (passive / careful / assessing / aggressive)
- Range (full / limited / focused)
- Technique / Manner (network access, communication, physical access, social engineering)
- Origin (from outside / inside)
According to the initial scenario and the customer's needs, we compose individual test cases. The tests are often splitted into several steps to meet different criterias and simulate various attacks.
Will operations be disrupted during the test?
The classical, comprehensive test normally includes so called DoS attacks (denial of service) that aim to shutdown services and systems. To avoid computer shutdowns and non-productive time, we perform penetration tests outside working time. Data handling of received information is stated in the customer agreement. Furthermore, we ONLY perform DoS attacks in close coordination with the customer.
Publications of the curesec GmbH on Penetration Testing Network