Penetration testing is the authorised simulation of electronic attacks on systems, looking for areas of weakness that can be exploited to allow access to services and data.
CCC have found that, despite media reports of attacks and compromise and the risks posed, there is a perception within some organisations that there is little risk of them becoming victims, and as they can see little or no cost benefit, penetration testing is often overlooked. This may also be due to internal information or assessments that show systems and data to be secure. If independent testing is undertaken, it is done so reluctantly and more often than not as a requirement to ‘tick a box’ for an audit or some other form of compliance.
Testing should be undertaken on a regular basis and when new elements are introduced or significant upgrades take place, so as to ensure those modifications have not created weaknesses and an adequate level of security is maintained.
With the continued drive towards online e-commerce services in various forms, organisations are being pushed towards greater inter-connectivity between partners, presenting extended risk to assets. These demands will require more than verbal assurances that systems are secure.
CCC have provided penetration testing services to government agencies and large corporations alike, including the military, police forces and CNI establishments, and have been able to develop a variety of tests based on typical scenarios, including:
- Black Box
Blind testing – where no information is provided.
- Crystal or White Box
Testing with network topology provided.
- Third party (a)
An assumption is made that a third party has authorised access to some network services and seeks to abuse their privileges to gain greater access to information.
- Third party (b)
An assumption is made that a third party only has physical access to a location, from where they attempt to gain access to data.
- Rogue employee
An employee abuses their levels of access to obtain privileged information.
- Wireless employee
A test designed for business-critical mobile employees, undertaken at or near external locations used as access points.
- Social Engineering
A series of tests designed to identify potential avenues that can be explored to exploit human activity with systems.
We appreciate that goals will vary, depending on the scope and purpose of any test. However, the aim should always be to identify vulnerabilities that exist in order to mitigate risk.
Urgently responding to an incident after the event, depending on immediate impact, is not always easy and could possibly be avoided with the help of external independent testing. Such incidents put an additional strain on resources: having to understand not only how an incident has occurred, but also what measures need to be put in place to protect systems and prevent any recurrence. Any loss of corporate image also places victims at a disadvantage with competitors.
The Nightmare scenario!
System owners often think that this element is not relevant in the majority of scenarios. However, testing without this element may not provide an accurate assessment of the situation. Consequently, those responsible have little or no idea of the volume of information available or its potential impact. These could include:
- Identifying the type of device, application or operating system
- Identifying any default accounts and passwords associated with those, and testing them.
- Obtaining names of individuals and their company email, for use in social engineering exercises.
As a result of searches, the type of information available is likely to include:
- DNS to IP mapping
- email addresses
- mail exchangers
- mutual friends/employee connections
- name servers
- telephone numbers
- social networking profiles
- web pages
- zone transfer tables
- news reports
- erroneously published information
- Dark web data
The resulting information could then be used to undertake social engineering attacks. Consequently, owners should periodically monitor the external information available.
Social engineering is the use of deception to manipulate parties into divulging information, which can then possibly be used to exploit systems. Consequently, intelligence gathering exercises can help to provide information on which to base an attack, either verbally or electronically.
Other areas of exploitation associated with social engineering include:
- ‘dustbin-diving’ – Searching waste materials for potentially valuable information.
- ‘shoulder surfing’ – Peering over someone’s shoulder to see and memorise an access code or PIN.
Wireless networks are being used more and more by organisations today, due to their flexible nature. These can be an excellent solution to various networking needs, but without adequate security controls, can provide a point of access to a network.
CCC can help to assess networks and identify possible weaknesses, recommending any modifications as a result. We are able to carry out a comprehensive assessment of both target and environment, which in the past has also identified rogue access points.
Once identified, an external assessment of access points would include locating and monitoring for leaks, handshake capture and password quality assessment, including:
- Packet Decryption
- Packet Sniffing
- Forged MAC address association
- Deployment of rogue access points
- “Man-in-the-Middle” attacks
- Authentication server attacks
- Data collection
- Data analysis
Our expertise and experience uniquely combine electronic forensic skills with an understanding of corporate finance.