How secure is your network?
The problem with the implementation of much network security
is that it is often performed on a reactive
basis.
Modern networks are becoming increasingly complex, which
can make it hard to keep up with every possible security vulnerability.
All too often a vulnerability only becomes apparent after
the security has been breached, by which time it is already
too late.
44% of UK businesses have suffered at least one major
security breach in the past year; the average cost of a single
breach has been estimated at £30,000.
How can a penetration test help?
Cisilion's penetration tests mimic the actions of a real-life
hacker, and are an in-depth examination of a company's risk
exposure to security vulnerabilities. The test will seek to
verify and exploit any vulnerabilities uncovered by the test
in order to get a clear picture of the extent of the damage
an attacker could inflict.
The test will usually be carried out over a period of 5 days.
A penetration test is recommended for companies who:
- Require an in-depth assessment of the risk exposure
of their business systems and processes.
- Are undergoing due diligence.
- Are required by legislation to assure the security
of their systems and protect their data (e.g. BS7799
compliance).
- Have recently had a penetration test and implemented
recommended changes and wish to have those changes verified
by an independent third party.
- Have recently deployed new servers or services.
What will the test cover?
Cisilion's penetration tests are among the most comprehensive
available.
The penetration test is split into a series of core modules,
with additional optional modules added where required.
Additional modules available on request:
| Network | Communications Security |
| --- | --- |
| Denial of Service Testing | PBX Testing |
| Firewall Rule Evaluation | Voicemail Testing |
| IDS Testing | FAX review |
| Privacy Review | Modem Testing |

| Wireless Security |
| --- |
| Wireless Networks Testing |
| Cordless Communications Testing |
All the tests are OSSTMM
approved, a certification developed by Pete Herzog
(Chief of Security) at IBM and used by many organisations as a
penetration testing guideline.
OSSTMM (Open Source Security Testing Methodology Manual) is used as
a general guideline for many organisations.
Depending on which test you choose, it will penetrate your
network in different ways. The most basic health check offering
will act as a "Hacker in a Box", effectively penetrating
the gateway for vulnerabilities.
Once the test is done, determining ROI becomes
much easier, as you will have a much clearer idea of what is
needed in the first instance to secure your network.
Many of our customers purchase these tests every quarter:
by making this small investment they are potentially saving
thousands on products that were not required quite as urgently.
In addition, every time a change is introduced into a network
a comprehensive penetration test is the only way to be sure
that no new vulnerabilities have been introduced.
If you would like to know more about a penetration test, please contact us.
We will be happy to meet with you for a free consultation
on your requirements.