Information Security
Penetration Testing

The objective is to test the robustness of client’s IT security against malicious activity by internal and external hackers and determine if the client’s systems and processors are successful in detecting and/or deterring the hacker. We continuously adopt the latest standards for penetration testing and currently adhere to SANS, ISECOM-OSSTMM and CC standards.

Eureka will conduct a ‘Black Box’ external penetration test where we start with zero knowledge of the client network and evaluate the client systems security against external hackers. Additionally, an Internal Penetration test will be performed using information available to an average user and evaluate how vulnerable the client’s system is against an internal hacker.

These tests will consist of four phases, during which various tools and techniques will be used to gain information and identify vulnerabilities associated with client’s information systems. Activities in these phases include:

Network mapping
Eureka’s Penetration Testers will obtain much of the required information regarding the site’s network profile, such as IP address ranges, telephone number ranges, and other general network topology through public information sources, such as Internet registration services, web pages, and telephone directories.

Vulnerability identification
During this phase, Eureka’s Penetration Testers will attempt to associate operating systems and applications with identified computers on the network. Depending upon network architecture, this may be accomplished using automated tools or manual techniques.

Exploitation
During this phase, system and user information will be used to attack the authentication processes of the target systems. Sample attack scenarios in this phase include, but are not limited to: buffer overflows, application or system configuration problems, modems, routing issues, and DNS attacks, address spoofing, share access and exploitation of inherent system trust relationships. Potential vulnerabilities will be systematically tested in the order of penetration and detection probability as determined by the members of the Eureka penetration testing team.

Reporting
Eureka’s Penetration Testers will brief the client of the results via an on-site or online presentation. These results will also be documented in a management level report provided to the client.

< Back

  


© 2008 Eureka Technology Partners | All Rights Reserved
Technologies Help Desk Services Network Monitoring & Management Eureka Technology Partners Clients Information Security Contact Us About Us Expertise Disaster Recovery & Backup Media ISO 20000 Certified External Directory