Penetration Testing Service
Security Brigade Logo
Services | Products | Compliance | Training | Home | Clients | Contact Us
Menu
Services
Products
Training
Compliance
Whitepapers
Case-Studies
News
Media
Contact Us

Clients / Partners

Search
Penetration Testing Service               Request a Call Request a Brochure

Overview

Security Brigade's Penetration Testing service is a valuable first step in discovering the vulnerabilities in your Network, Servers and Applications.

You benefit from:

  • Thorough overview of an organisation’s security from the public facing perimeter to the internal private network infrastructure.
  • Immediate definition of the security issues in your Network, Server and Application infrastructure.
  • Compliance with Federal, State and many Organisational regulations that require security assessments.
  • A list of detailed steps to fix the discovered vulnerabilities and control security problems.
  • Reduced risk of intentional or accidental misuse of information or IT assets.
  • Increased internal awareness of corporate liabilities.
  • Technical security overview by simulating an expert attack, monitoring the results and providing an easy to understand report with corrective actions and follow up recommendations.
  • Industry-leading expertise, support and guidance from SB' security research and development team.
  • Benefit from our proprietary methods and processes.
  • Acquire and maintain certifications to industry regulations (BS7799, HIPAA, OSSTMM, OWASP).

Features

Security Brigade's security experts validate your existing security controls and quantify real-world risks by conducting demonstrations of covert and hostile activities typical of network, system and application attacks in a safe and controlled exercise.

When testing is complete, you will receive a detailed security roadmap that prioritizes the weaknesses in your network, system and application environment.

Key Features

  • Expert, real-time demonstrations of activities typical of malicious attacks, which reveal how Internet threats could compromise your perimeter devices and security controls.
  • Safe, quality service by an expert security professional, through both manual penetration techniques and automated scanning.
  • Unique combination of proprietary and industry-leading security assessment tools, complete with an in-depth analysis of vulnerability data.
  • Template driven projects to ensure the industry recognized guidelines of OSSTMM, OWASP, NSA and TTNSAC are followed at all times.
  • Prioritizes the discovered risks and defines immediate actionable items to improve security posture.
  • Regular examinations can highlight unexpected security changes to your company’s infrastructure.
  • Detailed report analyzing your network security and prioritizing the risks found in your system.
  • Constant Research and Development ensuring that you are protected against evolving attacks that utilize the latest attack vectors.
  • Clearly outlined responsibilities and detailed remediation steps to help you protect the confidentiality, integrity and availability of your company assets and resources.
  • Can be tailored on a per-client basis to suit individual requirements.

Benefits

Security Brigade's penetration testing helps safeguard your organisation against failure, through:

  • Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
  • Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organisation losing business, receiving heavy fines, gathering bad PR or ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes even imprisonment.
  • Protecting your brand by avoiding loss of consumer confidence and business reputation.
  • Quantifies the risk to internal systems and confidential information.
  • Protects the integrity of online assets.

From an operational perspective, penetration testing helps shape information security strategy through:

  • Identifying vulnerabilities and quantify their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.
  • Validates the effectiveness of current security safeguards.
  • Justifies and enables a security program by raising awareness about liability at all levels of the organisation.
  • Provides detailed remediation steps to prevent network compromise.
    Validates the security of system upgrades.
  • Raises executive awareness of corporate liability.
    Helps to achieve and maintain compliance with federal and state regulations.

Technical Information

Security Brigade provides penetration testing services that scope and test your network using sophisticated testing software and methodology - A blend of best practice and proprietary process. This includes manual testing techniques, automated tools to discover vulnerabilities and the use of any existing compromised systems to gain further access in the network.

Corporate networks consist of many different components however some of the more common components can be seen in the network map below.

Corporate Network Map

Types of Penetration Tests

Due to the large number of varied components in an average corporate network, penetration testing needs to be carried out in a few different ways. Three such methods that are commonly used are, Light perimeter testing (External testing from a remote location), Full perimeter testing (External testing from within the DMZ) and Internal testing (On-site testing).

Light perimeter testing

It is also known as external testing from a remote location, in which the tester has no knowledge of the internal infrastructure to be tested and starts the tests with the lowest level of access to the application / servers.

The light perimeter penetration test is a full scope attack against client computing resources available via the internet. This includes systems such as web servers, mail servers, routers, firewalls, and other network assets. External penetration tests utilize multiple phases during the attack to determine the variety of information. The goal of the test is conclusive identification of those vulnerabilities that could allow an attacker to gain unauthorized access to components within the client’s network. These vulnerabilities are then used as a toe hold to further compromise the network and gain as much access to the client’s network as possible.

Full perimeter testing

It is also known as external testing from inside the DMZ with accessible internal systems in which the tester has no knowledge of the internal infrastructure to be tested and starts the tests with the lowest level of access to the application / servers.

The full perimeter penetration test is a full scope attack against client computing resources available via the internet and intranet. This includes systems such as web servers, mail servers, routers, firewalls, and other network assets. Full perimeter penetration tests utilize multiple phases during the attack to determine the variety of information. The goal of the test is conclusive identification of those vulnerabilities that could allow an attacker with internal access to escalate privileges and gain access to components requiring higher authority within the client’s network.

Internal testing

It is also known as On-site testing in which the tester has complete knowledge of the infrastructure to be tested. The tester also has physical access within the network to test the internal components of the network over the intranet.

Internal or on-site penetration testing is a fixed duration attack against client computing resources. The test examines those networks and computing assets that are accessible only from the inside of the organisation and may include various routers, firewalls, network devices, servers and workstations. The goal of the test is to use the internal access to the network to escalate privileges within the network.

Our Testing Process

Scoping
The scoping process will define the target system(s) that will be considered during the penetration testing. This will define the boundaries, objectives and the validation of procedures. Defining the target system(s) is crucial in many ways - legally, resourcefully, and financially.

Target Discovery
Security Brigade will perform thorough searches of various search engines, DNS records, WHOIS databases, scan tools and other sources to obtain as much information as possible about the target network. The aim of this process will be to try and identify as many internal systems, firewalls, mail servers, VOIP servers and other entry ways as possible including employee systems. Social engineering tactics, if within the scope will also be employed in an attempt to get employees to divulge information that is useful for the attack process.

Enumeration
Once specific domain names, networks and systems have been identified through scoping and target discovery the penetration testing team will gain as much information as possible about each part of the network. The process of enumeration will involve invasive discovery methods on each one of the systems with the aim to obtain usernames, application version information of services and applications and network share information limited only by the rules of engagement and scope agreed on.

Social Engineering
The “human firewall”, sometimes becomes the weakest link in the most secure networks. Social engineering tests the human front by attempting to gain access to an organisation and its assets by tricking key personnel over communication mediums such as telephone, email, chat, bulletin boards etc. Some of the techniques used will be:

1) Pretexting
It is the act of creating and using an invented scenario to persuade a target to release information or perform an action.
2) Phishing
It applies to an email appearing to come from a legitimate privileged source attempting to gain information from the target.
3) Trojan Horse / Gimmes
It can arrive as an email attachment promising anything from a "cool" or "sexy" screen saver, an important upgrade, or even the latest dirt on an employee and aims at gaining backdoor access to the targeted system.

Vulnerability Mapping
This process involves mapping the profile of the environment to publicly known, private and unknown vulnerabilities. The researchers at Security Brigade constantly work on discovering and cataloging new unknown vulnerabilities that could affect our clients. The mapping process allows the tester to short list the huge database of vulnerabilities to the most relevant ones for that particular network environment. This phase allows the creation of an agenda for the exploitation process.

Exploitation
The exploitation phase begins once the target system’s vulnerabilities are mapped. The penetration tester will attempt to gain privileged access to a target system by using the exploits mapped for the identified vulnerabilities. The key to this phase is manual testing, which allows an attacker to ensure each exploit is applied accurately for that environment.

Privileged State
Once the exploitation process is complete, the tester uses the newly gained privileges as a platform for repeating the process of Target discovery, Enumeration, Social engineering, Vulnerability mapping and exploitation. This privileged platform allows the attacker to gain further access into the network that was not attainable from the outside. This step is repeated over and over again until the tester reaches a point where further compromise is not possible.

Report
Security Brigade works with you to develop a report that will provide a clear and prioritized matrix of actions, work efforts and findings. A preliminary draft report will be provided to the technical point of contact for the purpose of review and clarification followed by a final report at the end of testing. The report will include the following

  • Executive Summary (Free of jargon, with topics of executive interest)
  • Methodologies, scope and summary of evaluations
  • Research: Websites, documents, IRC, USENET etc
  • Priority, including remediation priorities and risk
  • Estimates of work required for remediation
  • Findings and recommendations sufficient for risk management and remediation planning

Along with the report Security Brigade will provide support for a year after the test to help the internal development team understand, fix and re-check the issues in the report.

Compliance

Security Brigade's Penetration Testing service can meet the requirements of many standards and guidelines in relation to information security. Our Penetration Testing team has working knowledge of the following standards and attempt to exceedingly meet thier requirements.

  • PCI
    The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification.

  • ISACA
    ISACA was established in 1967 and has become a pace-setting global organisation for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement.

  • CHECK
    The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. In the absence of other standards, CHECK has become the de-facto standard for penetration testing in the UK. This is mainly on account of its rigorous certification process. Whilst good it only concentrates on infrastructure testing and not application. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties, and meets the requirements above. If you want a CHECK test you will need to surrender your penetration testing results to CESG.

  • OSSTMM
    The aim of The Open Source Security Testing Methodology Manual (OSSTMM) is to set forth a standard for Internet security testing. It is intended to form a comprehensive baseline for testing that, if followed, ensures a thorough and comprehensive penetration test has been undertaken. This should enable a client to be certain of the level of technical assessment independently of other organisation concerns, such as the corporate profile of the penetration-testing provider.

  • BS7799
    BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and after several revisions, was eventually adopted by ISO as ISO/IEC 17799. ISO/IEC 17799 was most recently revised in June 2005 and was renamed to ISO/IEC 27002 in July 2007. The BS 7799-2 focused on how to implement an Information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. BS7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.

  • HIPPA
    The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. Administrative Simplification (AS) provisions of HIPPA, require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.

  • OWASP
    The Open Web Application Security Project (OWASP) is an Open Source community project developing software tools and knowledge based documentation that helps people secure web applications and web services. It is an open source reference point for system architects, developers, vendors, consumers and security professionals involved in designing, developing, deploying and testing the security of web applications and Web Services.


                   
              
Copyright 2006 Security Brigade