Penetration Testing and Computer Network Security

What is Penetration Testing?

A penetration test, or pen-test, is the process of actively testing your organization’s security measures by attempting to penetrate network security using a variety of techniques. It is, in essence, hacking your organization’s network in order to evaluate and harden the security measures already in place.

Why GDF’s Pen-Testing is Different

If your network has never been pen-tested, or if your security measures are haphazard – perhaps your company is smaller and has grown quickly – chances are a typical pen-test team could breach your system in under an hour. Many companies pen-test first and then tell you what is wrong afterward. This is not how we handle a penetration test at GDF. Instead, we follow a cost-saving and very effective pen-test procedure that we’ve developed after evaluating the thousands of tests we’ve performed.

Harden the Network first, THEN Pen-Test It

  1. We start by conducting a thorough interview with your security and IT personnel to find out about your system and its current security posture. Before we even begin penetration testing, our experts will immediately make suggestions regarding ineffective equipment and technologies, such as poor choices in security software, easily breachable firewalls, and weak security procedures.
  2. We work with you to develop a vulnerability assessment. This is a full evaluation of the current state of your security posture, typically performed using commercial software packages that scan your system for both internal (within your local network) and external (from the Internet) security issues, problems in your network set-up, etc. In many cases, companies can perform their own vulnerability assessment using software tools we gladly recommend, which results in cost savings for you and in no way compromises the viability of the pen-test.
  3. Pre-Test Preparation. After we review the vulnerability assessment, our team makes specific recommendations regarding all aspects of your security – we want your network as secure as possible BEFORE we do the actual penetration test.
  4. We perform a full penetration test using whatever types of attacks or breach techniques are needed to defeat your now upgraded security and gain access to your system(s).

Post Test Deliverables

After the completion of penetration testing, we provide a detailed analysis of the methods and techniques used during the test, the results of the various attempts at compromise, and detailed documentation on remediation of any security flaws found. GDF simply provides the most thorough and cost-effective penetration test you can get.

What is Tested?

Penetration testing involves the systematic analysis of all the security measures in place. A full test should include some or all of the following areas, with the exact requirements usually being agreed upon in a formal scoping document prior to commencement (this list is provided courtesy of the OSSTMM):

  • Network Security
  • Network Surveying
  • Port Scanning
  • System Identification
  • Services Identification
  • Vulnerability Research & Verification
  • Application Testing & Code Review
  • Router Testing
  • Firewall Testing
  • Intrusion Detection System Testing
  • Trusted Systems Testing
  • Password Cracking
  • Denial of Service Testing
  • Containment Measures Testing
  • Information Security
  • Document Grinding
  • Competitive Intelligence Scouting
  • Privacy Review
  • Social Engineering
  • Request Testing
  • Infrared Systems Testing
  • Communications Security
  • PBX Testing
  • Voicemail Testing
  • FAX Review
  • Modem Testing
  • Physical Security
  • Access Controls Testing
  • Perimeter Review
  • Monitoring Review
  • Guided Suggestion Testing
  • Trust Testing
  • Wireless Security
  • Wireless Networks Testing
  • Cordless Communications Testing
  • Alarm Response Testing
  • Location Review
  • Environment Review