External Network Penetration Testing
External network penetration tests are carried out without any knowledge of the internal workings of the network. This puts Dionach auditors in the same position as potential intruders. Information gathering, scanning and probing, vulnerability assessment and exploitation will take place.
Skills relating to devices found on security perimeters are used, including web servers, routers, firewalls, email servers, DNS servers and VPNs.
The report will provide an executive summary section with a non-technical explanation of the impacts and likelihoods of the more serious issues. The technical results section will list the issues with impacts and likelihoods and recommendations for resolution.
Please read more on the features of a network penetration test and a case study in the further reading section on this page.
Network Security Audits
A security
audit examines the effectiveness of an organization’s security
infrastructure and security policies relating to hardware, software and
users from a technical viewpoint.
A standard network security audit by Dionach is comprised of
an examination of network topology, an audit of the firewall and server
configurations, a review of security policies, and a detailed report of
the findings, issues and recommendations.
An audit will demonstrate to management if investment in
security is required to reduce risk to an acceptable level, and
justifies security budget expenditure. A regular audit will identify
any infrastructure of procedural changes that have caused any major
security vulnerabilities.
Internal Penetration Testing
An internal penetration test is an attempt to gain access to internal systems from either the perspective of an attacker who has internal access or an employee with low access privileges.
The internal test objectives are to escalate privileges and gain access to systems or devices agreed to prior to testing. The targets for proof of access may be Windows domain administrator passwords, database passwords, system or server screenshots, confidential emails or confidential documents.
Wireless Penetration Testing
War driving has been popular among hackers for years, as many wireless networks using the IEEE 802.11 standard (or WiFi) are easy to setup and use without any encryption. Even the first encryption system used, WEP, is now considered a weak method.
During a wireless LAN test, Dionach will attempt to identify and gain access to any target wireless LANs discovered at the physical site being tested.
Voice Over IP Penetration Testing
Due to its low cost, existing infrastructure availability and increased flexibility, it is likely that VoIP usage will increase hugely in the near future.
With this growth comes the issue of VoIP security. IP Phones, the VoIP Gateway and PC software based phones are key components in a VoIP system. Potential issues may include eavesdropping with hacking and sniffing tools, attackers being able to make free calls, and VoIP opening perimeter holes in an otherwise well protected network.