Penetration Testing
"You can't manage what you can't measure"... When an organisation is looking at its overall situation as far as systems and network security is concerned, often the first step is to understand where it is today in terms of systems and potential vulnerabilities that may exist on those systems. From this it is possible to draw up an action plan of how to address and minimise those risks. Often a vulnerability assessment forms part of a gap analysis to see how compliant an organisation is with its security policy or against a standard such as ISO27001 or PCI DSS.

Armana Systems' consultants have a great deal of experience in providing such services and recognise that there is a "practical" side to any such service. After performing the consultancy, a report is produced which outlines any risks or vulnerabilities found, together with an explanation of how these may practically impact an organisation and recommendations for minimising such risks.

Armana Systems offers two services in this arena:
A vulnerability assessment is the identification of potential weaknesses in a system or systems that could be exploited to gain access to or steal data from the system in question. Using a range of commercial and public-domain tools, our consultants will quickly test the systems to identify any such vulnerabilities. The key skill is that, once the scans have been run, a "real-world" interpretation is put on the results to accurately inform you as to the real vulnerabilities. This service can be performed on site or across the Internet as required. A full report is produced which outlines any vulnerabilities found, their potential impact and also, where possible, instructions and advice on how to fix them, or at least minimise the impact of a breach.
Penetration testing takes the vulnerability assessment to the next level. Once a scan has been performed to identify potential vulnerabilities, these are then exploited by one of our consultants to try and gain access to the system or systems in question. The testing then goes further to include (should you so wish) social engineering attacks (still one of the most successful forms of attack). Again, once complete, a full report is produced which outlines the results of the various tests and also suggested fixes. A presentation can also be prepared and given to executive or technical audiences.