Penetration Testing
Penetration Testing
FairCo's Penetration Tests provide you with an accurate method of evaluating the security of a single computer system or an entire I.T. infrastructure. Penetration Tests involve an advanced analysis of the target(s) involved, specifically designed to identify technology flaws or security holes within the target(s). Once those flaws are identified and confirmed a FairCo's Security Specialist will attempt to exploit those flaws to gain access to the affected target.
Penetration Tests can be executed in the following ways, or in a combination of the following ways.
- Directed Penetration Testing is the act of executing a penetration test against targets which are identified by the client. This is the standard method of attack for penetration tests and enables the attacker to work within well defined boundaries. Normally clients provide all IP addresses which belong to the client.
- Blind Penetration Testing is the act of executing penetration tests against targets which are identified by the attacker. No target list is provided by the customer and the attacker is expected to identify his own targets. To ensure safety, the attacker will confirm any potential hazards with the client before attacks are launched.
- Stealth Penetration Testing is penetration testing which is specifically designed to avoid detection. This type of testing is ideal for companies who wish to test their Managed Security Service providers' response time, or perhaps their own Intrusion Detection Systems and incident response methodologies. In most cases, stealth attacks should be detected by properly installed and managed monitoring solutions.
- Penetration Testing with Distributed Metastasis refers to the way by which a hacker propagates a computer penetration throughout a network. More specifically, a FairCo's Security Specialist will penetrate a target computer system behind a specific security boundary and use that computer system to penetrate other systems protected by that boundary. This in effect nullifies that security boundary and enables the FairCo's Security Specialist to penetrate deeper into the I.T. infrastructure, often times compromising systems that were thought to be "unconnected" or protected.
Once the attacker has complete control over the target he begins to carefully cover his tracks. This process often times can be accomplished very quickly if the attack was planned properly. This process can be aided by using specialized tools and scripts.
After the attacker has covered his tracks, he installs a root kit into the system which enables his to come and go as he pleases. This root kit also establishes a covert "Hacker Control Connection" which is undetected and unobstructed by the firewall.
Once these steps are complete, the attacker begins to attack other computer systems on the network. Now that he has successfully eliminated the security boundary, the entire I.T. infrastructure is at his disposal. Since he has gone undetected, he can take as much time as he needs.
The attacker then targets two very sensitive systems within the infrastructure. The first is a credit card database server. He knows that this is a credit card database server because he's been monitoring the transactions to it from the web server. He also knows that he can sell the thousands of credit cards on this server for quite a bit of money.
The second system that the attacker targets is a system which contains the companies employee information and trade secrets. He knows that he can sell the employee information to people on the black market interested in stealing identities. He also knows that he can sell the trade secrets to competitors for good money.
What can Penetration Testing do for Your Business?
Using FairCo's Security Specialists to test your network via a Penetration Test will enable you to defend your network against attacks from malicious hackers. FairCo's Security Specialists understand how to defend against the technologies that they employ to penetrate a network, the same technologies used by malicious hackers.
At the conclusion of a Penetration Test the results are carefully explained and the methods for defending against future attacks are defined. FairCo will also help clients implement the fixes required to defend their networks against attack.