Penetrax - Security Consulting

FAQ

What is "blind" external penetration testing?

If you would like us to test your firewall as a real attacker would, you tell us nothing about your installation beyond what is needed to agree the scope and authorisation in writing. We then do a good deal of undercover work, approaching the attack the way a criminal would: reconnaissance from public sources, social engineering of your staff and, where the agreed scope allows it, physical break-ins.

What is "informed" external penetration testing?

We sign a non-disclosure agreement with your organisation and obtain the details of your firewall solution from you: the overall design, the IP address ranges, the products and versions in use, and so on. We then run a variety of tests against your firewall defence, using exploits appropriate to the specific devices and products deployed. Because no time is spent discovering what you already know, this gives a thorough and cost-effective result.

What tools do you use?

Unless you specifically instruct us otherwise, we primarily use professional, commercial tools to conduct the tests. Well-maintained tools help us expose as many vulnerabilities as possible while keeping the risk of disruption to your Internet services to a minimum. A list of the tools we may deploy is included in every proposal.

What is vulnerability analysis?

Vulnerability scanners provide a good deal of information about poor configuration, design flaws, missing operating system patches and the like, all of which is invaluable in securing your systems against attack. A conventional penetration test does not set out to reveal this information: its sole purpose is to break into your system, so it stops once a working route in has been found, whereas vulnerability analysis enumerates every detectable weakness whether or not it was needed to get in.

What about on-site DMZ testing?

We can reveal considerably more weaknesses and configuration errors in your firewall if we can test it from inside your organisation as well as from across the Internet. On site we can also review your firewall management procedures, change control and firewall policy. If your firewall is managed by a third party or hosted at a remote site, this will also give you valuable information about the quality of the service that third party is providing.

What sort of report will I get?

Our reports begin with a concise, non-technical summary of the vulnerabilities we have found, together with a severity rating for each and its potential impact on your organisation. The technical section gives details of each vulnerability, what it would mean for your security should an attacker exploit it, and where to obtain the fix that resolves the problem. Finally, a detailed log of every element of the tests is appended as an audit trail of the work that was carried out.

What about continued assurance?

Many clients ask us to provide regular tests, both via the Internet and on site. Our pricing policy offers discounts to clients ordering quarterly or monthly tests. Some clients also take advantage of skills transfer from our staff, so that they can conduct their own regular tests between our periodic independent reviews.

  Copyright © 2006, Penetrax Security Consulting. All Rights Reserved.