PCI Penetration Testing
A network penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a
malicious user. The process involves an active analysis of the system for any potential vulnerabilities that may result from
poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or
technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active
exploitation of security vulnerabilities.
Our Approach
The tester will use a calculated level of aggressiveness. The tester attempts to exploit vulnerabilities that might result
in system disruptions. This includes, for instance, automatically trying out passwords and exploiting known buffer overflows in
precisely identified target systems. Before taking such steps, the tester considers how likely they are to be successful and how
serious the consequences would be. No denial-of-service tests are scheduled by the tester.
The scope of the systems to be investigated is limited to a number of systems and services reachable from the Internet. There will
not be any attacks made from inside the network or from the DMZ.
The approach used to execute the penetration test is deliberately noisy: it is adapted to generate alarms, and the identifiable
network intrusion attempts help evaluate existing escalation procedures. The techniques used for testing are network-based /
IP-based penetration tests. Staging attacks from fax networks or wireless networks, or by physical means or social engineering,
is out of scope. The penetration tests are staged via the network's connection to the Internet only.
