 |
 |
PENETRATION TESTS |
|
Penetration tests provide a detailed report on a system's vulnerabilities and the organisations exposure to Information Security Threats. These tests do not simply emulate an attack on the system, but rather try to find every possible avenue for comprising a system. An attack needs to be successful only once, but a system has to be secure all the time.
An attack on an organisation's system can be devastating. The damage caused can infringe upon the company's complaints and legal obligations, impact a company's ability to continue trading, hurt the organisations reputation, and disclose confidential information such as trade secrets.
Depending on the Organisations requirements, SSR-i's methodology may contain, but is not limited to the following stages:
|
 |
| » |
Active attempts to retrieve corporate email, phone calls, instant messages, account lists, passwords, accounting records, intellectual property. |
| » |
Firewall/IDS/IPS evasion and exploitation |
| » |
Remote access compromise (VPN, PBX, War Dialing) |
| » |
Client side exploitation |
| » |
Phishing attacks / Social Engineering |
| » |
Untrusted media devices, (USB dongle/CD attack) |
| » |
Wireless key cracking, (WPA, LEAP, WEP) |
|
|
|
|
