Impressed by the latest Star Wars? The last Jedi episode intrigued you so much that you’ve set your company network password to “SkYwAlKeR.” If you think that this password is strong enough to protect you from an unauthorized penetration, THINK AGAIN.
Perhaps you have gone with the more traditional password that you will never forget: ‘password.’ After all, who is going to want to steal your family photo album from your computer?
Or perhaps you are an experienced System Administrator who looks after the largest network systems, uses intricate passwords, and pays for a reliable backup solution, so you believe that a ransomware attack is unlikely.
Unfortunately, the answers are no, no, and no (again).
As the recent and significant ransomware attacks show, a personal photo archive is a sufficient reason to pay a ransom. Passwords based on pop culture terms are typically the first to be hacked. Last but not least, there is no 100% reliable backup solution that will completely protect you against ransomware attacks as it is impossible to safeguard all information all the time.
Prevention is always better than a cure.
Act First. Check the integrity of your network, before it is too late.
At Polytech Software, we are here to help you understand your exposure to security threats with our new Network Penetration Testing service. We will work with you to identify any potential vulnerabilities in your network, systems, and devices. We will then also provide you with guidance on how to strengthen your company security at no extra cost.
Duration: 1-2 weeks
Prices: Very affordable!
How Does Pen Testing Work?
We will check every device on the network, including computers, servers, printers, routers, IP-cameras, and payment terminals. We will check the visibility, open ports and whether it is possible to get access to the devices without knowing the login and password. We will carefully analyze login and password strength, along with the chances of generating a login/password pair.
Services: Sites, Databases, Control Panels for Devices/Services/Servers/Programs; Remote Access Programs (TCP Connections Tunnelling, VPN, SSH, Remote Desktop).
Once the pen testing is complete, you will be provided with a list of problems along with any suggested workable solutions. These solutions could be a simple action, such as securing ports, making passwords more complex, or adding on a backup solution, if, for example, it emerges that the database or application servers are not protected.
We will also check and advise on updating operating systems, applications, and malware databases. Outdated versions are often the cause of network-wide security flaws. Whatever issues arise or are uncovered during these checks, you can rest assured the team at Softheme will offer the most efficient solution requiring minimal costs and time.
Here are some more in-depth details for those who wish to have a detailed account of what the different stages of network penetration testing entail.
Information Gathering Process
We gather network information such as the network addressing, network components, and the security tools used. We gather the data from all reachable sources, both private and public: we undertake a complete network scan, examine your security policies, communicate with network administrators, and look through databases such as ‘whois’ and ‘shodan.’ Based on all the information we obtain, we determine the particular devices and processes that need further testing and define the tools and appliances to use. Having complete network information also allows us to accurately calculate and arrange adequate time for the penetration tests.
Amongst other things, we also check external access to the network and to devices inside the network by IP address and by the standard ports of well-known services. We test the overall feasibility of getting through the firewall and also verify the presence of antivirus programs.
Define Devices Types and Versions
At this stage, we undertake a complete network scan in order to detect all network services and applications. We compile an exhaustive list of machines that are online (both physical machines and virtual computers; printers, IP cameras, or any other devices on the network can be included as well).
Identify Security Flaws
We check that the installed software versions are current and check for the presence of known problems associated with any outdated software. We will also check passwords on all physical and network devices. For instance, it is a common issue that device logins and passwords are reset to the default ones after updates, and you may not even be notified that it has happened.
Network Attacks Simulation
At this stage, we simulate real-life attacks (including password mining) on different services such as SSH, RDP, NFS and so on. We select a particular service, such as RDP, which uses port 3389. Using scripts and scanners, we compile a list of all the machines on the network where this port is open, which means that the service is on and access is allowed, and try to log in using various standard login/password combinations. If a login attempt is successful, the machine is added to the list of vulnerable instances and included in the report.
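For defenders, the sweep described above leaves a recognizable trace in logon records: one source failing against many hosts in a short time, sometimes followed by a success. The Python below is an added example, not Polytech Software's tooling; the CSV column layout, the thresholds and the sample records are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: remote-logon results collected from several hosts.
# The column layout is an assumption for this example, not a real export format.
SAMPLE_LOG = """\
time,src_ip,host,user,result
2024-05-01T02:00:01,10.0.9.50,ws-01,administrator,fail
2024-05-01T02:00:03,10.0.9.50,ws-02,administrator,fail
2024-05-01T02:00:05,10.0.9.50,ws-03,admin,fail
2024-05-01T02:00:07,10.0.9.50,srv-db,administrator,fail
2024-05-01T02:00:09,10.0.9.50,srv-db,admin,success
2024-05-01T09:15:00,10.0.1.20,ws-01,alice,fail
2024-05-01T09:15:20,10.0.1.20,ws-01,alice,success
2024-05-01T11:00:00,10.0.1.31,ws-02,bob,success
"""

def detect_sweeps(log_text, min_hosts=3, window=timedelta(minutes=10)):
    """Return {src_ip: {"hosts": [...], "compromised": [...]}} for every source
    that failed logons on at least min_hosts distinct hosts within window."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        row["time"] = datetime.fromisoformat(row["time"])
        events[row["src_ip"]].append(row)

    findings = {}
    for src, rows in events.items():
        rows.sort(key=lambda r: r["time"])
        fails = [r for r in rows if r["result"] == "fail"]
        # Sliding window over failures: largest set of distinct hosts in `window`.
        best, start = set(), 0
        for end in range(len(fails)):
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            hosts = {r["host"] for r in fails[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) < min_hosts:
            continue  # a single user mistyping a password stays below the threshold
        # A success from a sweeping source after its first failure marks a host
        # that accepted one of the guessed login/password pairs.
        first_fail = fails[0]["time"]
        hit = sorted({r["host"] for r in rows
                      if r["result"] == "success" and r["time"] >= first_fail})
        findings[src] = {"hosts": sorted(best), "compromised": hit}
    return findings

if __name__ == "__main__":
    print(detect_sweeps(SAMPLE_LOG))
```

Hosts that appear under "compromised" are the ones whose credentials need to be changed first; the thresholds should be tuned to the normal logon pattern of the network being monitored.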
Application-Level Attacks Simulation
The final testing stage is checking network applications (WEB, SQL, MongoDB, PHPMyAdmin, Apache Tomcat and others). Here, we examine all existing network applications for critical vulnerabilities that allow executing commands on the host, and we compile a list of servers that are relatively easy to get access to.
We will evaluate the resilience of your PCs and servers against malware attacks and network penetrations, so you will be informed on the protection level of your company or enterprise data and will be able to justify your endpoint data protection budget.
If you have any questions whatsoever about Pen Testing for your business, please get in touch with us on the email below or leave a comment at the end of this post.
We are here to help discuss any element of pen-testing with you.