Penetration Testing
Our highly skilled team of network penetration engineers acts like a team of hackers. We perform what is known as a "snapshot in time" attack against your network. This means that any weaknesses or vulnerabilities we find against your current network configuration are only valid until your next configuration change. A lot of companies have penetration testing performed once a year against their network and change their configuration four or five times over the course of the year. They don't understand that it is possible for hackers to use new vulnerabilities to break into the network once a modification to the network has been made. The truth of the matter is that penetration testing should be an ongoing event when it comes to securing a corporate network. It is recommended that companies have penetration testing performed every quarter. Even if configuration changes are not taking place, new vulnerabilities may have been discovered since the last test period.
Our penetration test engineers specialize in performing open source data collection against a network before running tools against it. Most penetration test teams fail to perform a thorough information gathering phase prior to penetration testing, which may impede the team's ability to cover all areas of a company's network.
Our penetration test engineers work under strict "ethical hacking" guidelines, which help protect customer information when a vulnerability is discovered and protect client data from being exposed to the Internet. When a serious vulnerability is discovered during testing, the penetration test team will contact the system administrators and help them tighten down the problem as soon as possible. While this will hurt the penetration team's ability to further exploit weaknesses against the client network, our team has the client's security as its highest concern, even when we are playing the "bad guys".
Futures Inc.'s network security engineers will perform testing from all or any of the following points of a client system:
Open source information gathering (recon) against the client network. This information is used to identify computer systems, servers, firewalls, and other technologies used within a network. It can also discover email addresses, hidden directories, and non-obvious connections to other networks on the Internet.
External Interface (web connection) for weaknesses/vulnerabilities. This can be performed by automated tools to reduce cost, or by engineers to stay below the radar of an IDS. It can also be used to test how your system administrators handle an actual attack.
Internal Network mapping/penetration testing. This type of testing allows our engineers to sit in your location and perform testing from the inside of your network. It will show what Internal (trusted) users have the ability to do, and it will find things that a hacker will have access to if your network is compromised from the Internet and the hacker can establish a trusted relationship with the network.
Lastly, our engineers have recently adopted a Wireless Network Penetration plan. This will allow our engineers to test your network from the outside of your facility using 802.11 technology. This will only work if there is some type of 802.11 technology on the network. While some administrators think this type of testing is useless, our team has found a number of 802.11 entry points in networks where neither the administrators nor upper management have allowed such happenings. It is a good test to perform if you want to discover things that your internal users might be doing without your knowledge.
All penetration testing is performed on a case-by-case basis. Ideally, we like to perform this testing on a test network with non-critical data. Discussions with the customer will help our team best decide or recommend how the testing should be accomplished. We can perform testing late at night so your daily activities are uninterrupted, or we can perform testing without the networking staff being told, which will add the element of a real-world attack to the situation.
We do not advertise clients for whom we have performed penetration testing. However, should a client require references we will use past clients which have given explicit permission to do so.
For more information, please go to the Futures Inc. Contact Us page.
