What is a penetration test or ethical hack?
Penetration testing is the process of evaluating both your physical and digital security systems and finding the areas that are insecure and need attention. The main goal of penetration testing is not only to find security vulnerabilities but to attempt to exploit them as well, which in turn can decrease the chances of data loss or of unauthorised persons gaining access to network resources. Common problems discovered by penetration testing include software bugs, design flaws and configuration errors. Once these have been identified, they need to be quickly repaired to ensure that safety isn’t compromised for longer than necessary. Testing is vital for any business, no matter how large or small, as data has become the most important currency available to organisations.
The results of the penetration test are documented in a report, detailing any vulnerabilities that were found, what the tester was able to exploit because of the said vulnerability and suggesting potential remedial actions.
Why perform a penetration test or ethical hack?
On average 30,000 websites are hacked every day*, and 200,000 new malicious programs/viruses are detected every day**. Google recently reported that they detect 9,500 websites/day infected with malware used for drive-by download attacks, where the victim only has to browse the site to become infected, and 4,000 of these sites are legitimate company websites. Small businesses have been a target for cyber criminals for a few years now, because they are an easier target due to their lack of budget and expertise. Is your network as secure as it can be from hackers? Are you sure? Or are you helping cyber criminals distribute malicious programs to your customers, friends and family, even if your computers are just acting as a base of operations for attacking and infecting others?
We all know that companies aren’t supposed to store names, addresses, telephone numbers and credit/debit card information in an Excel spreadsheet or Access database, etc., even if it is password protected, but our experience shows that it happens all too frequently.
Then there’s the purely malicious type of attack. This can again be for a multitude of reasons: a deliberate or grudge attack brought about by a dissatisfied customer, a competitor, an ex-employee or even a disgruntled employee. These attacks can take many forms: denial of service attacks, where the attacker prevents access to your website, mail server or internet access by flooding the target with traffic; defacement of a website; DNS poisoning; using your infrastructure as a spam zombie; deletion of data. The list could go on and on.
Then there are the organised hacking groups, such as LulzSec & Anonymous, opportunist hackers or even “script kiddies” (wannabe hackers) looking for a base to attack other targets. This provides a means of hiding their tracks and gives them the ability to perform distributed denial of service attacks. The offender gains access to your network, finds at least one base on your infrastructure and maintains access by means of a “rootkit”. (Please don’t be misled by the thought that you have antivirus software: a half-decent hacker and a well-crafted rootkit can easily evade any AV scan and be virtually undetectable on a computer.) The rootkit can be set to initiate a connection to whoever planted it, either permanently or at set times of the day or night. The perpetrator could also use your PCs as a means of downloading or even storing and publicising illegal web content, e.g. pirated games and software, phishing websites and even child sexual abuse material.
The hacker may wish to gain access to information they can sell on to competitors. This also means that one could class a disgruntled employee, or even an employee serving their notice, as a potential hacker. Don’t assume that one has to be a computer whiz-kid to be able to gain access to sensitive information.
There may also be the need to demonstrate compliance and due diligence to customers, shareholders and industry regulators.
On an operational level, penetration testing can help identify a need for an information security policy, or a change to the existing procedures, by identifying vulnerabilities and ascertaining their impact and likelihood so that they can be managed and, if necessary, a budget can be allocated and corrective measures implemented. However, not all security solutions need to have an exorbitant price tag attached to them.
What can or should be tested?
Any way that a company or individual captures, stores and processes information can be tested. This covers the means by which the information is stored, the network infrastructure that transports the data, and the staff who manage and process the information. Typical areas to be tested are:
Operating systems of the servers and PCs, networking equipment such as firewalls, routers and switches, applications used on a day-to-day basis, databases, etc. Also laptop hard drive encryption.
Physical access controls, locks, dumpster diving (or skip scrounging as we British prefer to call it).
Telephony, VoIP, war-dialling, remote access servers, VPNs, etc.
Wireless: a poorly configured Wi-Fi setup is a very easy target for any hacker.
Staff, social engineering techniques, security education.
What do you get for the money?
At Praetorian Security we aim our business at the start-up, small business and Small to Medium Enterprise market. We appreciate that although security is important to you and your company, the cost of a penetration test supplied by one of the bigger players in the market could easily start at £5000 for a very basic assessment. We, on the other hand, only charge between £250 and £500 per day, depending on the size of the network. In most cases a penetration test of a small network with a single class C subnet with 250 devices and 1-2 public facing IP addresses could be performed in a couple of days, depending on what the scope of the test entails.
Praetorian Security don’t have large plush offices in a prime location, and we don’t have huge sales or marketing departments. All our consultants work from home using exactly the same equipment and open source software that the bad guys use. We keep our costs to a minimum so we can keep the price to a minimum.
Penetration Test prices;
For anything outside these standard format tests please contact us for a very reasonable quotation.
For this, an EC-Council Certified Ethical Hacker or Certified Security Analyst/Licensed Penetration Tester will scan and assess both the internal and external IP ranges, testing the effectiveness of your firewalls and determining the vulnerability of the systems on the network. Then, providing you are in agreement, they will try to exploit the said vulnerabilities without affecting the working operations to a great extent.
Wherever possible we will monitor an internal network for any signs of suspicious network traffic.
Defining the scope
The scope of the penetration test will be clearly defined: not only what needs to be assessed but also what is not to be tested, and the degree of testing that should be performed. This is known as the terms of engagement. The proposed date and time for the test to take place is agreed, along with the duration of the test, should it require more than one day. A document containing the penetration test scope is sent to your company for sign-off and returned to us.
During the test we keep in touch with the client in case any of the procedures should have an adverse effect; this is unlikely but always a possibility.
Once the test is completed, a report is delivered with the findings of any vulnerabilities and, where possible, a best-practice resolution to each vulnerability.