Penetration tests are one of the basic ways of assessing security level of an IT system. The purpose is a practical assessment of the security level of the system in terms of vulnerability to unauthorized interference from the Internet.

Virtline performs tests in two stages: automatic scanning of the network using specialized tools, as well as verifying security by manual techniques – every service available on the Internet is manually subjected to simulations of attacks using various types of applications and exploits. Each test is finished by preparing a detailed report discussed with the client.

The elements of automatic scanning include:

  • Scanning for vulnerabilities (including IPv4/IPv6/hybrid networks)
  • Detection of vulnerabilities without authentication
  • Finding errors in system configuration
  • Finding outdated, unsupported software
  • Finding default passwords in use or guest accounts
  • Testing password strength (brute-force attack)
  • Possibility of scanning network devices
    • Firewalls
    • Routers
    • Switches (Juniper, Check Point, Cisco, etc.)
    • Printers
    • Network drives
  • Possibility of scanning various operating systems (Windows/Linux/MacOS etc.)
  • Risk assessment based on five severity levels (Critical, High, Medium, Low, Informational)

The components of manual network penetration tests include:

  • System identification using available network services (eg WWW, SMTP, FTP, Telnet)
  • Searching for computers and network devices available from the Internet, discovering types and versions of their operating systems and other software in order of detecting known vulnerabilities
  • Penetration of the system using TCP and UDP port scanners and security scanners commonly used by hackers
  • Analysis of network topology accessible from the Internet
  • Analysis of the results obtained from the scanning application
  • Security breach simulation
  • Assessing the system’s resilience to destructive attacks with help of professional tools
  • Evaluation of security system’s response to attacks
  • Analysis of firewall system security
  • Analysis of penetration tests results in order to assess the threat to the integrity of the system and the possibility of accessing data by an unauthorized person.