FAQ
What is a blind penetration test?
A blind testing strategy aims to simulate the procedures and actions of actual hackers. Just like a real hacking attempt, the testing team is provided with only limited or no information about the organisation before conducting the penetration attempts.
What is an informed / targeted penetration test?
An informed / targeted test involves both the organisation's IT team and the penetration testing team in carrying out the test. The testing team is informed of the various aspects of the network (i.e. firewall configuration, IP address ranges, services running on public-facing servers etc.) prior to the test, so that specific testing procedures pertaining to the properties / functions of the various targets in the network can be applied. Unlike a blind test, a targeted test can be executed with less time and effort, providing more thorough and cost-effective results than a blind test.
What software do you utilize during your tests?
We utilize a mix of commercial, open-source and internally developed software during our penetration tests. PCI and ISO tests are performed using software and tools authorized by these institutions.
What is vulnerability testing?
Vulnerability testing is a systematic examination of a network or system to determine the adequacy of the implemented security measures, identify security deficiencies, implement additional security measures to overcome the deficiencies in the system, and confirm the adequacy of those measures after implementation by re-testing.
What is internal penetration testing?
A considerable number of security incidents originate from within an organisation's perimeter firewall: curious, ignorant or disgruntled employees, corporate espionage, outsourced personnel, social engineering attacks and a lack of physical security are just a few of the ways the integrity of sensitive information held within your organisation's IT infrastructure can be jeopardized. Internal penetration testing aims to reveal further weaknesses, errors and misconfigurations in your IT equipment by performing extensive tests against it from behind your perimeter firewall. It also includes reviewing your systems and network hardware configurations and your change control / IT management policies, and provides an insight into the effectiveness of your current IT defence strategy as a whole.
What kind of reports will I be getting?
Our executive reports provide you with a concise summary of any vulnerabilities we have found, together with a measure of their severity and their potential impact on your organisation, sparing you the extensive technical details.
Our technical reports give details of the vulnerabilities we detected, what they mean for your security should a hacker exploit them, and possible methods of remediation.
How often will I need to be tested?
If you are seeking to become PCI or ISO certified, both organisations generally require you to be tested quarterly, with a more detailed annual test performed at the end of each year. Even if you are not after a specific certification, we still recommend that your network and systems be tested at least bi-annually, since new vulnerabilities are found every day and one of them might turn out to be the opportunity a potential attacker is looking for.