The concept of cyber security is a complete foreign entity to many. Especially at a business level, its amazing how many businesses still do not have sufficient security solutions, on both their network and endpoints. Too often we hear from customers when it’s too late. Cyber security should not be a reaction, but rather a proaction to prevent any potential breach. A bit of investment beforehand, can save a lot of money in the long run, especially if you are holding any sensitive information on your network.
Also known as ethical hacking, penetration testing or ‘pen testing’ is the process of probing a network to discover vulnerabilities in network security or outdated software that a malicious party could exploit. Using a variety of specialised tools and techniques, the tester is able to examine the network from different positions of attack, in order to determine whether or not there is a reasonable level of security. The harder it is for somebody with malicious intent to penetrate your defences, the more likely they are to move on to the next target.
JARGON BUSTER! There are many terms and acronyms surrounding cyber security that can make the whole topic overwhelming. Below we’ve assembled a few of the most common terms, and explained them as simply as possible! Click on the terms to reveal the descriptions.
May hack for the purpose of good but without permission. Most commonly found hackers on the internet. Don’t tend to hack for personal gain, although may sometimes extort a business if a significant vulnerability is found.
Generally hackers are quite careful to cover their tracks to avoid being detected or traced. Suicide hackers do not care about this and only care about causing as much damage as possible before they are stopped, with no fear of the consequences.
Code injection technique that allows attacker to edit entries in a SQL database to provide different outcomes, such as denial of service, or even altering the price of a product within an online store.
ARP (address resolution protocol) poisoning involves attackers sending lots of bogus ARP requests to networking equipment in order to trick it into thinking their device is the gateway for all traffic into and out of the network. This allows attackers to intercept all traffic in and out of the network, potentially “sniffing” out any unencrypted credentials.
Privilege escalation is an exploit whereby an attacker can gain higher level privileges on a system with a lower level user. This allows them to carry out potentially damaging actions that they wouldn’t normally have permissions to do.
The purple team was born from trying to concile the red and blue teams. A purple team is a traditional red and blue team working closely together in order to maximise cyber defences via constant communication of potential issues.
> OUR SERVICES
Unfortunately, when it comes to cyber security, there is no 'silver bullet.' However, penetration testing is a very good place to start when it comes to reassurance with regards to the level of cyber security you're currently employing. See below for the penetration testing options we offer.
NETWORK PEN TEST
Network – most common attack vector and most undertaken pen test. This probes your network infrastructure to vulnerabilities or weaknesses. Can be undertaken on site, remotely, or a combination of the 2 (recommended.) Common tests would involve firewall scanning, bypassing, configuration testing, DNS zone transfers. Common targets would include SSH, SQL, mail servers, FTP servers etc.
WEB APPLICATION PEN TEST
Testing web based applications for any vulnerabilities. Much more in depth testing components such as java, active X, APIs etc. tests take quite a long time and more in depth knowledge required by the tester. Common attacks would be SQL injection or cross site scripting.
WIRELESS PEN TEST
Tests the security on the wirelsss network. Tests for weak keys and out of date protocols. Will test all devices attached to network including smartphones, tablets, laptops, as well as any other wireless devices such as CCTV cameras etc. this will always be undertaken at the customer site as the tester needs to be in range of the wireless signal.
SOCIAL ENGINEERING PEN TEST
This is where the tester moonlights as someone else in order to gain valuable information directly from employees. This can be done via remote means such as phishing emails or telephone calls, or on site in the way of face to face communication or dumpster diving.
> CONTACT US
For further information regarding our penetration testing services, talk to us on the live chat, or fill in the below form and we'll get back to you ASAP!
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.