Network Security Penetration Test

What is it?

A Network Security Penetration Test evaluates the effectiveness of your network security by simulating an exterior attack from a hacker. The aim will be to gain unauthorised access to the network and devices deployed within. Effective penetration testing shows if and how this can be achieved given the current security defences. We use a four stage testing method meeting specific objectives along the way.

• Reconnaissance: identify all points of access to the network.
• Scanning & enumeration: identify the devices and operating systems on the network and the security vulnerabilities associated with these devices.
• Gaining & expanding access: exploiting the vulnerabilities to gain access to the devices.
• Escalating privileges: once access is achieved, attempt to obtain and escalate user privileges to those with the capability to access, delete or modify sensitive information processed by these devices.

The key to penetration testing is to clearly identify the testing objective before starting. If you are testing to ensure that unauthorised access to your network cannot be achieved for instance, this objective should be clearly stated in the scope and addressed in the report of findings. Discuss your testing objective with our Factory Foreman.

Why should I do it?

To understand if and how a hacker could break into your network. Conducting regular routine testing will continue to verify your website security and confirm that you can identify and stop unauthorised access to prevent security incidents.

It is also globally recognised as “best practice” and commonly demonstrates due diligence for compliance to most governance risk and compliance legislation, regulation and standard frameworks.

How often should I do it?

You should test your network at least annually and after any major changes to your systems.

What will Risk Factory do?

• Conduct a thorough security penetration test of your network based on your specific objectives.
• Verify all points of access to the network.
• Identify security vulnerabilities associated with your network.
• Manually attempt to exploit those vulnerabilities to gain unauthorised access to applications and back end support systems.
• Manually attempt to escalate user access privileges obtained.
• Document our findings.

What will I receive?

• A comprehensive report of the findings and remediation recommendations with step-by-step instructions and screenshots evidencing exactly how unauthorised access to your network was obtained for your understanding. To see a sample report, contact our Factory Foreman.
• Telephonic support from an information security engineer for two weeks after the testing to answer any questions you may have about the report or remedial recommendations.
• A free retest two weeks after the original testing to ensure recommended remedial actions were effective in mitigating the vulnerabilities originally identified.
• A certificate of testing validation for compliance evidence.

Do I need to prepare anything in advance?

We just need the number and designation of the Internet Protocol (IP) addresses associated with your network. If you don’t know the addresses, don’t panic our Factory Foreman can help you.

Also, don’t forget to specify the exact number of tests you’d like to purchase when getting your quote. Our Factory Foreman will call you to schedule each test purchased. You can, for example, purchase multiple tests (for better value) and get them delivered over time when you need them to match your ongoing business requirements.