Network penetration tests
Penetration tests are one of the basic ways of assessing security level of an IT system. The purpose is a practical assessment of the security level of the system in terms of vulnerability to unauthorized interference from the Internet.
Virtline performs tests in two stages: automatic scanning of the network using specialized tools, as well as verifying security by manual techniques. Every service available on the Internet is manually subjected to simulations of attacks using various types of applications and exploits. Each test is finished by preparing a detailed report discussed with the client.
The elements of automatic scanning include:
Scanning for vulnerabilities (including IPv4/IPv6/hybrid networks)
Detection of vulnerabilities without authentication
Finding errors in system configuration
Finding outdated, unsupported software
Finding default passwords in use or guest accounts
Testing password strength (brute-force attack)
Possibility of scanning network devices
- Firewalle
- Routers
- Switches (Juniper, Check Point, Cisco itp.)
- Printers
- Network drives
Possibility of scanning various operating systems (Windows/Linux/MacOS etc.)
Risk assessment based on five severity levels (Critical, High, Medium, Low, Informational).
The components of manual network penetration tests include:
System identification using available network services (eg WWW, SMTP, FTP, Telnet)
Searching for computers and network devices available from the Internet, discovering types and versions of their operating systems and other software in order of detecting known vulnerabilities
Penetration of the system using TCP and UDP port scanners and security scanners commonly used by hackers
Analysis of network topology accessible from the Internet
Analysis of the results obtained from the scanning application
Security breach simulation
Assessing the system’s resilience to destructive attacks with help of professional tools
Evaluation of security system’s response to attacks
Analysis of firewall system security
Analysis of penetration tests results in order to assess the threat to the integrity of the system and the possibility of accessing data by an unauthorized person.