The aim of an Infrastructure (or network) penetration test is to discover vulnerabilities that could be used by an adversary to gain unauthorised access to the network and systems.
This assessment helps you gauge whether the security controls in place are sufficient to protect your organisation, specific systems and sensitive information from attacks.
Our specialists assume the position of an external attacker and look to exploit vulnerabilities and system misconfigurations to gain access to the organisation's network over the internet and assess the impact of gaining such access.
You are provided with a detailed report containing practical and actionable recommendations for resolving all vulnerabilities identified in the test.
Passive information gathering consists of extensive querying of public information sources to discover details that may have been unintentionally leaked about the environment, organisation and infrastructure.
These queries are passive, and involve no direct probing of the target system.
Security Alliance penetration testers begin the practical testing by determining the live hosts within the defined target environment.
Target network ranges and host addresses are determined from any provided host lists and network diagrams, and from discussions with the client technical contact, as appropriate.
Having identified the 'live' hosts, Security Alliance consultants attempt to use them to extract further information about that network.
Having enumerated the hosts and developed an understanding of how each host interacts with both the remote user and the remainder of the target environment, the penetration testers proceed to identify the vulnerabilities that are likely to exist on each host.
The output from automated scanners is analysed to identify only the confirmed vulnerabilities.
In addition, based on the fingerprints of the operating system and software identified in the previous phase, the penetration testers access vulnerability databases to obtain details of vulnerabilities affecting the specific platform.
This phase attempts to exploit identified vulnerabilities on the host. It is conducted only when you request that we perform exploits against the services running on the servers.
The exploitation phase involves attempts to execute publicly available exploits and does not include creation of new payloads/exploits. Successful exploitation of vulnerabilities may serve to indicate the ease with which those vulnerabilities can be exploited.
We'll schedule a preliminary phone call to learn about your challenges
You'll outline your needs and highlight any relevant applications in a scoping questionnaire
We'll review the results and send a detailed proposal outlining the service and pricing
You'll let us know when to proceed
We'll schedule a convenient start date and begin gathering the required technical information in advance
Testing the network layer (firewalls, web servers, email servers, FTP servers, etc.); the application layer (all major development languages, all major web servers, all major operating systems, all major browsers); wireless systems; internal workstations, printers, fax machines. We have performed tests and security assessments for organisations from a range of sectors including:
A vulnerability scan is performed using an automated scanner, which allows for detection of platform-specific issues. The scanner recognises patterns, signatures, and payloads that match a pre-defined set of vulnerabilities. Scanners are not "context-aware", nor do they understand critical business functions or important security controls like authentication and authorisation.
Relying only on vulnerability scans may result in missing critical security flaws and insecure configurations that can only be identified by an expert. A penetration test leverages the knowledge given by vulnerability scans to analyse and decide which exploits and attack paths can be taken.
For example, in a recent engagement, vulnerability scans reported a specific issue on hundreds of a customer's web servers. The penetration testing team then investigated this issue, identified the conditions under which such vulnerabilities can be exploited and isolated five servers where a successful exploit could be carried out.
Most vulnerability scanners are configured to perform "safe checks" for buffer overflows, and sometimes may even lower risk ratings while reporting such issues.
A penetration testing exercise would, however, be able to clearly identify whether the buffer overflow can be performed without any damage to the targeted systems.
Or…Shouldn't you be able to find all this information for yourself and identify our systems and their vulnerabilities?
We conduct ethical hacking exercises. This means we are bound by law, ethics and a code of conduct from our industry body (CREST). We therefore do not carry out certain activities that hackers would. Providing this information also allows us to provide a comprehensive test in a shorter time-frame resulting in an affordable test for you.
Time is a less critical factor for a cyber criminal. Attackers will often take months or even years to prepare for an attack on an organisation. A real-life hacker would spend a considerable length of time performing reconnaissance to gain access to sensitive information about your people, processes and systems.
Instead we start the simulation from the point at which your adversary has already completed preliminary reconnaissance.
Firstly, it is a positive outcome if system administrators or security operations personnel detect our attacks promptly.
To enable us to test efficiently and cost-effectively, we request that our IP addresses are not blocked even when an attack is detected.
During a security test, we try a large number of attacks in a very short time. This could trigger a large number of alerts in your IDS and catch the attention of the administrators. Please remember that in practice, an attacker might try these attacks slowly, over a longer period of time, and slip beneath the radar.
Bespoke security testing
Our Security Testing Programmes help clients identify and mitigate the vulnerabilities within their infrastructure, processes and people. We design and conduct rigorous investigative engagements that locate and fortify weaknesses within technology, code and human behaviour.
We offer a broad range of standalone and managed security testing services, as part of both point-in-time projects and ongoing, integrated programmes.