Insight Technologies

Advisories

Avast AntiVirus 4.8 BSoD PoC (November 18, 2009)

BakBone Netvault backup 8.22 Build 29 remote DoS (September 24, 2009)

News

Oracle database can be hacked remotely: researcher

Google offers bounty on browser bugs

Google Threat Jolts Chinese Internet Industry

Google pushes security with Public DNS

Microsoft confirms first Windows 7 zero-day bug

Partners

Penetration Testing

Any Company or Organization, with an integrated computing system, cares for the Security of its IT Environment. Spending thousands of Dollars on Security appliances, is the need for a Secure IT Environment. Although all Security appliances are said to be "The Best Protection Tool", Secure Configuring these Security Appliances, according to your IT Environment, is a Must.

But,

Have you ever TESTed your IT Security Measures, implemented in your Company?
Have you ever Wondered if your IPS, IDS or firewall is functioning Right? and preventing you from Cyber Attacks?
Did you know that Every Machine with an IP can be Hacked?

At Insight Technologies, we Test and Grade your IT Security. With the Service of Penetration Testing, we can Test the Security of Any Application or Machine that has an IP; Internally and/or Externally.

Insight Technologies has 3 Types of Penetration Tests, accommodating all your needs:

Service Penetration Test

Extensive Penetration Test

Website Penetration Test

What is a Penetration Test:

A Penetration Test is an evaluation of the current security status of computer systems. A penetration tester attempts to compromise the network of a company for the purpose of assessing the security status of its data by imitating the same techniques intruders use to violate networked systems of any institution and subject them to prominent risks. Even though the same techniques of a malicious hacker are being used, it must be pointed out that a penetration tester conducts these methods leaving aside the bad intentions of a malicious hacker. Apart from automated techniques, Penetration Testing involves manual ones for conducting targeted testing on specific systems to ensure that there are no security flaws that may have gone undetected earlier, as well as making sure that there are no known and unknown technical vulnerabilities or security flaws left unnoticed in a specific system. And in order to optimize the service to fulfill any company's needs, the company should take into consideration the scope and the type of the Penetration Test.

The common approach to the penetration testing is the External Test. The testing procedure will be accomplished from the outside of the organization's structure, simulating a real world attack from an outsider's position in means to eliminate any threats that might lead to gaining access and putting the organization's sensitive data at risk.

The alternative approach is to conduct an Internal Testing, which simulates attacks that may compromise an organization from an internal position, where accessing secured data may be done with more ease then externally; since the intruder is already connected on the inside layer of the organization's network.

In both cases the Penetration Test can be conducted either with no prior knowledge of the targeted system given by the client (Black-Box), or with few information (Gray-Box) or with full knowledge of the system (White-Box).

Penetration testers can choose to carry out a Black-Box testing and without the knowledge of the IT staff, starting with mapping the network while enumerating services and operating systems without being noticed in order to simulate a real world attack and minimize false positives. Penetration testers will apply all kind of attacks that usually a black hat hacker will try to use in order to gain access. Generated attacks will be performed as a simulation process to maintain the business continuity and so that the client's environment won't be affected.

The White-Box Penetration Test differs from the Black-box, because the attack will target and focus on all the critical elements and not taking any time compromising unrelated network nodes since the testers are supplied with complete information about that target. This information can include network topology documents, asset inventory and valuation information ... Organizations only resorts to such tests when they need a full security auditing.

The Gray-Box is where the tester is provided with some knowledge about the organization to start with, it is usually what hackers can find useful to take advantage of for accessing the network. In some cases penetration testers can work side by side with system and network administrators. One of the most efficient and effective service in Information Security is the Penetration Test, which evaluate the overall business security and identifies what resources are exposed and what have been already compromised by intruders. It enables organizations to determine if current security investments are detecting and preventing attacks.

^ Top

Previous page: Vulnerability Assessment
Next page: Service Penetration Test

Navigation

Current page is 4.3: Penetration Testing