IT Penetration Testing
External Network Penetration Assessment
Identify and analyze vulnerabilities within your organization’s Internet-facing infrastructure
Elevate will identify and deeply analyze vulnerabilities within an organization’s Internet-facing infrastructure and attached systems. Elevate follows a pragmatic approach when conducting a vulnerability assessment or penetration test. This results in a perfected, repeatable process that maximizes information transfer to the client and ensures that all vulnerabilities have been identified.
External Methodology composed of four components:
Elevate will follow our proven methodology to evaluate the security posture of all network segment(s) by passively and actively testing all the connection points of the hosts on that network segment and identifying potential vulnerabilities on these targets. After all networks and hosts have been assessed for external connectivity and open services, an attempt will be made to determine if any weak configuration settings or parameters are in use for any external system.
Optional Extensive Penetration Test
Many of Elevate’s clients request us to conduct an exhaustive Penetration Test against identified critical servers to discover all current and potential vulnerabilities and demonstrate the ease or difficulty of compromising security on these important resources. For these engagements, a Certified Ethical Hacker (CEH) / Certified Information Security Auditor (CISA) conducts a comprehensive penetration test against chosen critical servers. Probes and attacks include both stealthy activities and overt attacks in an effort to determine the full security capabilities of the server(s). Elevate will attempt to deliver a payload, create unauthorized credentials, or potentially drop the server to a command prompt during this test.
Internal Network Penetration Assessment
Elevate’s internal network vulnerability assessment will verify that the security controls implemented on an organization’s hosts provide an adequate level of protection against network attacks. The Elevate security team will scan and validate the security of the network and perform penetration testing against selected hosts. This test will give the organization a thorough understanding of how vulnerable its internal infrastructure is to such threats as disgruntled employees, malicious hackers who gain access to the building, and former employees with “lingering” access, as well as the level of risk should someone compromise an alternative entry point. Elevate can include many valuable components such as:
- Open File Shares scan and report
- SMNP scan
- Promiscuous NICs scan and report
- Database Security Analysis including MS SQL or Oracle
- Active Directory assessment
The methodology used for the Internal Network Penetration Assessment is similar to that of the external test. The major differentiating factors involve the way our tools and methodologies are used when directly connected to the organization’s network, time windows utilized, and the components listed above.