PENETRATION TESTS
Penetration tests provide a detailed report on a system's vulnerabilities and the organisation's exposure to information security threats. These tests do not simply emulate an attack on the system, but rather try to find every possible avenue for compromising a system. An attack needs to be successful only once, but a system has to be secure all the time.
An attack on an organisation's system can be devastating. The damage caused can infringe upon the company's compliance and legal obligations, impact a company's ability to continue trading, hurt the organisation's reputation, and disclose confidential information such as trade secrets.
Depending on the organisation's requirements, CIS's methodology may contain, but is not limited to, the following stages:
» Active attempts to retrieve corporate email, phone calls, instant messages, account lists, passwords, accounting records and intellectual property
» Firewall/IDS/IPS evasion and exploitation
» Remote access compromise (VPN, PBX, War Dialing)
» Client side exploitation
» Phishing attacks / Social Engineering
» Untrusted media devices (USB dongle/CD attack)
» Wireless key cracking (WPA, LEAP, WEP)