Let me start by saying that Penetration Testing is certainly not for everybody. Penetration Testing is really for people who take security and privacy very, very seriously indeed.
In many way this is a more extreme and deep analysis that would be performed by our Data Security and Privacy Audit Report auditing. In most cases you should start with there and then decide if you want or need to go further with this Pen-Test.
Penetration Testing (or Pen-Test) is a very aggressive way of determining how secure you and your business is but is very effective for you – the business owner – to find out where your weaknesses are and the how to lock them down. What could be more important for a business owner? Protecting all you have built over the year.
In today world it is essential to ensure that you and your equipment is as secure as it can be. Anyone could be listening in. They may not yet be listening in, but someone might be trying.
With Penetration Testing – you essentially authorize us to “have a go” at you and your business. Try to break in the front door. Electronically of-course. it is a totally passive process and we will break and take nothing. We have an array of simple and complex hacker tools at our disposal (mostly Open Source) that we can employ.
How do we go about Penetration Testing?
We use a selection of techniques at our disposal – starting with fairly soft and benign techniques as far you would like up to brute-force ethical hacking techniques:
- Social Engineering – we will talk, contact, phone, email, text your business, staff, colleges and try to get relevant data – that might not be passwords – but could be server names, ip addresses, the name of your WiFi, pets or some data that could be used to enter the electronic door
- Social Media – most people are leaking a huge amount of private data from their social media accounts. Furthermore the owners of the social media platforms are mostly not trustworthy – your identity online must be managed and controlled
- Publicly Available information on the Internet / Web – you will be amazed to find-out what can be found out about you, your business, your personal life, and other relevant information but knowing how to properly use Internet research tools – we are experts in this area – and can use it for ethical and good uses to give you the heads-up of where you are today in the Electronic Jungle
- Ethical Hacking – Armed with good information and a reasonable profile of you, your business and what you do – We would thenĀ go in and attempt to penetrate your electronic perimeters
- WiFi networks and interfaces are usually the most convenient – even with secure passwords, and good security there are so-called Rainbow Tables that can be employed to good effect to grant access to private WiFi networks
- LAN / Network accesses are harder but also given the quality of most commercial and IPS provided routers these days it is the electronic equivalent of putting a small block of wood to protect the entrance to a Castle. It’s not sufficient
Penetration Testing Depth
Again let’s be clear here – you as the customer choose how far and how deep down the rabbit hole you wish us to go with the testing. Some customers are happy for us just to push gently on the doors, Otherwise really want us to stress out their systems and just see how far we can get. It’s really up to you and it is only with authorization that we will do anything.
The Results – The Report
The result of this is a comprehensive report that details all that was found and how it was determined. This is really an aggressive approach but it leaves the purchaser under no illusion whether they are in good stand or not.
Armed with this information the user can then start to fix the problems – and if desired we can help with that too.
Ethics and Conformity
It is true that just the idea of what we have explained here makes most people uneasy – and rightly so. This is disturbing stuff. But just because it is disturbing does not mean that people are actively pursuing these activities every single day for profit and advantage. The victim could be you, or part of your business.
This is a very controversial test and not for everyone. However for those that are up to the challenge of being scrutinized and audited by a totally external third part – this has proved to provide exceptional rewards.
Are You Ready to Take the Next Step?
So if you have thought this through and feel comfortable with some Penetration Testing in your environment and installations then please do not hesitate to get in touch and discuss how to approach this for you and your business.