A penetration test is a set of procedures designed to bypass the security controls of a system in order to test the system’s resistance to attack.
The basic stages of a test are:
- Information gathering or footprinting
- Scanning for external network services
- Attempting to penetrate the network by exploiting any services discovered
- Producing a detailed report of vulnerabilities and recommendations
The penetration test can be carried out on an external network address range, web site addresses, or internal servers and network devices.
This independent test is carried out either from our penetration test laboratory in Oxford or on site. Our consultants share a range of specialist skills and employ both manual techniques and commercial, non-commercial and in-house developed tools to ensure that the test is comprehensive. The skills and tools are continually reviewed and updated to ensure that Dionach keep on top of the ever-evolving threats.
You will know what external services are publicly available at a point in time and you can act to remove unnecessary services. As the test is independent, it is an objective assessment of your external security, and so is more likely to identify security weaknesses than a test performed by those who are responsible for the security.
The test mimics how a real intruder may attempt to compromise the system and is an offensive rather than defensive security measure, and so is the best way to determine how secure your network is in reality. The test will highlight any serious weaknesses in your network before a real hacker exploits them.
The report creates management and board awareness of security weaknesses and improvements, and can be used to justify the security budget. A follow-up test can verify the impact of a security program and justify the expense. Regular tests ensure that your network is not compromised by changes in network services and new vulnerabilities.
The test will determine your ability to detect and respond to security incidents, and so improve your detection and response effectiveness for the future. Positive results provide confidence in the security of the network infrastructure.