With the steadily increasing amount of
cyber-terrorism, must to contemplate, "How valuable
is my data?"
The intent of most experienced hackers is not to destroy
your data, but rather gain constant access to it by setting
up a permanent backdoor for themselves. The data contained
within internal networks around the world is completely
different in most cases, but the purpose of an internal
network remains the same...
To keep unauthorized individuals out!
Knowledgeable hackers discover vulnerabilities in server
software, Website scripts and networking technologies.
New vulnerabilities are often traded amongst hackers
for other knowledge, account passwords etc. Occasionally,
someone will write a program, which exploits a new vulnerability
almost automatically - and such programs often find
themselves in the hands and on the hard-drives of malicious
individuals who lack the knowledge to create them.
The results of a Penetration Test are provided in two
forms. The first is a executive summary of vulnerabilities
and how they can impact your business, and the second
is a technically detailed report covering all aspects
of our scans and tests, and suggestions for specific
solutions.
It is very difficult to split the test into easily defined
sections as they so often cross over and are interrelated.
Information gained in the later phases will often be
recycled into pointers for early phase techniques. However,
the test may proceed as follows:
Target Acquisition
Your IP address or company name, we will focus our
sights on you in the cyber-world, developing a map of
client-associated access points. This involves data
flow checking and open source research to determine
what the outside world sees of the target - visible
networks, operating systems, etc. We will seek to identify
alternative access points to the target, such as associated
IP addresses belonging to the client or those of third
parties with connection to the target.
Vulnerability Assessment
This procedure is a high-intensity search, identifying
the probable weak points in the system topology.
Using for example:
Unblocked data flows, such as FTP, which may allow the
incursion of program code. Bugs in the operating systems
of computers and communications hardware which allow
nonstandard access (such as remote-access cards and
the like), telecom sweeps to detect unprotected or unauthorized
modem use, and straightforward attacks on systems, such
as buffer overflows, stack smashing, etc.
For more information on proper programming development
and security, please contact WEBPRO
International. |
