While most organizations can protect themselves from random Internet attacks, we recognize a lack of focus on attacks targeted against a specific organization. Since stateful firewalls have become ubiquitous due to their affordability, most purely technical attack vectors have been mitigated. This is why we offer a less technical, business-oriented approach to Internet security assessments. Starting with an understanding of the nature of your business, its reliance on information, and which potential risks and threat vectors might benefit from a compromise, we create a profile of how your company looks to a would-be attacker. We build this profile using state-of-the-art open source intelligence (OSINT) techniques. The profile also provides potential attack scenarios that are then played out over the Internet with your monitoring, detection and response functions in mind. While direct social engineering attack techniques are not normally included in this testing, much of the human element involved in access control mechanisms (e.g. creative password guessing) is.
Internal LAN (wired)
It’s true what they say about most organizations having a hard exterior but a soft interior: most exploitable vulnerabilities are found on the inside of an organization’s network. Most penetration tests fall short in two major areas. As previously mentioned, monitoring, detection and response capabilities are seldom tested. But there’s another shortcoming of most penetration tests: they don’t get to the true business impact of a security compromise. Whether it’s sensitive customer data leakage, proprietary business process information, or simply the risk to continued business enablement (think Denial of Service), most penetration tests end where they really should begin. For example, on a recent test for a casino, we were able to compromise administrative credentials on the client’s Windows domain within the first day of testing. This situation is actually fairly common. What the client found much more valuable, though, was that we found a database that housed the upcoming Keno numbers. With this information, an attacker could take the casino for millions of dollars without getting caught. Mapping out how this scenario would work, and how the client could implement multiple protective and detective controls to mitigate the risk, is the true value of penetration testing as a professional consultant.
Wireless network penetration testing is often misunderstood due to the many forms of wireless communications and the nature of those communications. Most consulting firms limit their wireless network penetration tests to 802.11 (Wi-Fi) network infrastructure components. While those components are important to assessing the risk posed by wireless protocols, they really are a small part of the bigger picture. For example, Bring Your Own Device (BYOD) has opened up multiple new avenues that attackers can leverage for unauthorized access to sensitive information. The reason many organizations are not addressing this risk is fear of violating their employees’ privacy. Years of experience in social engineering help us handle these situations with employees and present findings in a non-threatening way. In addition to Wi-Fi networks, other forms of wireless communications may represent even more risk to the organization, such as RFID, Bluetooth, infrared and Near Field Communication (NFC). In fact, many Closed Circuit Television (CCTV) systems are tuned to a specific channel that can be changed using an infrared remote control. Using this knowledge, an attacker could disable critical monitoring systems using an inexpensive universal remote control.