Penetration Testing

The scope of the Penetration Testing is to assess the IT assets of an organization. The IT Assets include firewalls, routers, VPN, IDS/IPS, Web servers, Application servers, Database servers, etc. Penetration Testing provides an insight into the organisation’s current state of security, discover possible ways to penetrate and test the effectiveness of security countermeasures. We perform our Penetration Testing in two formats:

  • External Basic Penetration Testing: Performed remotely with no internal access provided to our security experts. The goal is to identify and classify the weaknesses and penetrate the internet-facing IT assets of an organization such as Web Servers, Network Gateways, VPN, E-mail Servers, and Firewalls.
  • Internal Basic Penetration Testing: Performed from within the premises of the target organization, usually to identify & classify threats and vulnerabilities in internal network presented by someone who already have access to the organization’s network such as an employee, contractor, or guest.

Phase Sequence

In delivering the Basic Penetration Testing service, CEP Ltd. Agency for Security and Safety will use a combination of automated and manual scanning methods and will utilize commercial and publicly available tools, as well as custom scripts and applications.

  • Reconnaissance: gathering preliminary data or intelligence on the target organization. The data is gathered in order to better plan for the attack. Information gathered in this step includes IP address ranges, public email addresses, web sites, and others.
  • Scanning & Enumeration: gathering more information about the connected systems and running applications and services in the organization’s network. Information such as operating system type and version, user accounts, email addresses, service version and release numbers are also gathered.
  • Identify vulnerabilities: based on information gathered in the previous two phases, we will identify weak services running in your network or applications that have known vulnerabilities.
  • Exploitation: Using readily available code or create customized one to take advantage of identified vulnerabilities to gain access to target vulnerable system.
  • Privilege escalation: In some cases, the existing vulnerability provides low level access only such as normal user access with limited privileges. In this step, we will attempt to gain full administrative access on the machine.

 

Summary

Upon completion of the Basic Penetration Testing, a detailed report will be sent to client, including the following:

  • Summary of the purpose of this assessment, as well as brief explanation of the threats that the organization is exposed to from a business perspective.
  • A detailed, technical explanation of the findings of the assessment along with steps and proofs of the findings.
  • Conclusion & Recommendations: This section provides final recommendations and summary of the issues found during the security assessment.



Please call us for more Informations: +41(0)41 761 38 27