Testing of information systems – Penetration test, Testing for vulnerabilities, Social engineering, Prevention of DOS attacks
What is a penetration test?
A penetration test, or pen-test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, in service and application flaws, in improper configurations or in risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.
Penetration testing is typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources – specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.
The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.
Network Penetration Testing
Global Management Consulting takes care to prevent possible breaches by identifying threats and providing effective methods to eliminate vulnerabilities before malicious individuals manage to exploit them. We perform penetration tests that analyze your networks and devices.
Check the extent to which your internal network is publicly accessible, for example by testing whether your network services and protocols are protected. Create a virtual topology of your servers, routers, switches, access points, firewalls, IPS/IDS devices and others. Having found the available devices on your network, check whether they are updated and test all possible exploits for the services and protocols found. Check whether your confidential information is encrypted with strong enough algorithms so that no one can read it. Network tests also include testing of firmware and commodity software that is installed on various devices.
As a result of our penetration tests, we prepare written reports and give your team the guidelines it needs to effectively eliminate all the vulnerabilities that we find.
Global Management Consulting approaches every intrusion test in a unique way for each client. Based on the findings, our specialists synthesize a customized course of action for both the management and the technical audience. The approach consists of about 80% manual testing and 20% automated testing, although actual results may differ slightly. Although automated testing enables efficiency, it is appropriate during the initial stages of penetration tests.
A comprehensive penetration test can be realized only through precise manual testing techniques, and we secure the best solution for our customers!
Web Application Penetration Testing
A web application is any software that can be accessed through a web server, but not necessarily with a web browser. Examples of web applications include online banking portals, websites managed by a content management system (such as WordPress, Joomla, Mambo, etc.), e-commerce websites, etc.
Statistically, the majority of all compromises are the result of exploited weaknesses in web applications. In many cases, the vulnerabilities that lead to serious breaches are completely missed by conventional and automated testing methods. In other cases, vulnerabilities are identified but incorrectly considered unexploitable because of the presence of protective technologies.
For example, a common misconception is that using parameterized queries eliminates all risk of code being injected into the database. The truth is that if the queries are not constructed properly, exploitation is often still possible. Another misconception is that Web Application Firewalls protect organizations from attacks. The truth is that these firewalls can only be configured to protect against certain attacks, and are completely ineffective against new attack methods.
Best practice suggests that an organization should perform a web application test in addition to regular security assessments to ensure its protection.
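The parameterized-query misconception described above can be checked with a short test. The following is an added example, not code from GMC: the table, the function names and the sample rows are all constructed for illustration. It shows a query that uses a placeholder for one value yet still concatenates another, next to a version that binds every value and allowlists the one part (a column name) that cannot be bound.

```python
import sqlite3

# Identifiers such as column names cannot be bound as parameters,
# so they are checked against a fixed allowlist instead.
ALLOWED_SORT = {"name", "role"}

def make_db():
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT, tenant TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "admin", "acme"), ("bob", "user", "acme"),
         ("carol", "user", "globex")],
    )
    return conn

def list_users_weak(conn, tenant, role):
    # 'tenant' is bound, but 'role' is pasted into the SQL text:
    # the query looks parameterized yet is still injectable.
    sql = (f"SELECT name FROM users WHERE tenant = ? "
           f"AND role = '{role}' ORDER BY name")
    return [row[0] for row in conn.execute(sql, (tenant,))]

def list_users_safe(conn, tenant, role, sort="name"):
    if sort not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort!r}")
    # Every value is bound; only an allowlisted identifier is interpolated.
    sql = f"SELECT name FROM users WHERE tenant = ? AND role = ? ORDER BY {sort}"
    return [row[0] for row in conn.execute(sql, (tenant, role))]

def demo():
    conn = make_db()
    crafted = "user' OR '1'='1"  # constructed test input for the 'role' field
    return {
        "weak_normal": list_users_weak(conn, "acme", "user"),
        "weak_crafted": list_users_weak(conn, "acme", crafted),
        "safe_crafted": list_users_safe(conn, "acme", crafted),
    }

if __name__ == "__main__":
    for case, rows in demo().items():
        print(case, rows)
```

With the crafted input the weak function returns rows from another tenant, while the safe function treats the same input as a literal role name and returns nothing.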
Social Engineering tests
Social Engineering is a technique that relies on exploiting weaknesses in human nature, rather than hardware, software, or network vulnerabilities.
We offer four core Social Engineering areas to test human susceptibility to persuasion, suggestion, and manipulation:
In email phishing tests, GMC will attempt to induce staff to visit unfamiliar websites, to disclose sensitive information, or, in short, to perform an action that employees would not otherwise take.
Using Social Engineering methods over the phone, we will check how willing your employees are to reveal sensitive information about you, or to commit other actions which might affect your interests, intentionally or not.
Physical Social Engineering
The tests are run in a real physical environment, with our professional staff directly involved. The purpose of such tests is to reveal potential weaknesses in the physical perimeter.
As part of the checks, GMC's experts pretend to be suppliers, new employees, business associates and even family members of employees in order to induce your staff to give out confidential company information or to authorize access to areas in your building.
DOS attack protection
This type of attack is conducted by sending a huge amount of network traffic, which overloads the network channel. Another way is to cause endless processes to run on the victim machine, consuming all of its CPU, memory and other resources.
These attacks are becoming ever more frequent, which makes them a difficult, persistent, sophisticated and compelling security challenge for organizations of every scale.
GMC can help you with advanced protection against DDoS attacks, which is able to reduce such threats of all shapes, sizes, and scale, including those aimed at mainstream network protocols, DNS amplification, and others.
Benefits of Penetration Testing
Penetration testing offers many benefits, allowing you to:
- Intelligently manage vulnerabilities;
- Avoid the cost of network downtime;
- Meet regulatory requirements and avoid fines;
- Preserve corporate image and customer loyalty.
As you can see, hiring a pen-tester to test your network is a proactive effort to protect your network and business from risks before attacks or security breaches occur.