Penetration Testing
"... Regularly test the key controls, systems and procedures of the information security program. The frequency and nature of such tests should be determined by your risk assessment. Tests should be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs." - GLBA
"Perform a periodic technical and non-technical evaluation... that establishes the extent to which an entity's security policies and procedures meet the requirements of this sub-part." – HIPAA
During penetration testing, we attempt to penetrate your existing software, hardware, and network equipment using a variety of sophisticated techniques. Our engineers initially work closely with you in order to identify your specific needs as well as set testing parameters. Penetration testing then begins with a quiet attack using many known and unknown hacker techniques to check firewall responses. After determining the type of hardware and software used, we apply appropriate exploits to gain access. We test both your external network and your internal configuration in order to provide you with a comprehensive report concerning weaknesses and vulnerabilities.
Softwink approaches penetration testing from an innovative and comprehensive perspective. While many companies simply scan your network for obvious weaknesses, Softwink customizes its testing to find all vulnerabilities that could be exploited by a persistent hacker. During external penetration procedures we identify weaknesses on routers, switches, and servers, while our internal procedures identify weaknesses that could be exploited by a disgruntled employee who already has access to the network with a valid user ID and password.
Finally, we provide you with a customized report which contains an executive summary of any vulnerabilities found in the network, recommendations needed to address the vulnerabilities, and a technical rendering of the data generated during the test.
Our engineers have over 20 years of experience in systems penetration and security techniques. They are certified in a variety of areas and Security+ designations and undergo regular training in new penetration testing techniques, firewall configuration, and analysis procedures.
External Penetration Testing
External penetration testing begins with a variety of reconnaissance procedures. We first identify target devices on the public network that may be easily accessible to hackers. We identify the specific software and software version in order to customize our attack. We then attempt to penetrate these devices from the Internet using automatic as well as customized manual techniques. We also analyze your website to determine any potential weaknesses in coding and structure. Upon request, we also scan your network for unauthorized modems that may act as "open doors" for hackers.
Internal Penetration Testing
For this part of the project, we are on-site at your location. We start out with limited knowledge of your network structure and attempt to gain access, much like a disgruntled employee would. We then actively collaborate with your on-site IT or security team to analyze vulnerabilities on your servers, workstations, and network equipment.
Social Engineering
We also employ social engineering techniques. You can have the most expensive software and hardware protecting your network, yet your greatest weakness may be an unsuspecting employee. Through social engineering techniques we will attempt to get your users to divulge information about your network that would enable a “network burglar” to gain access. This can be done, for example, by calling an employee, telling them that we are helping them with a fictitious network problem, and asking them to disclose pertinent information such as user names and passwords. We may also ask an employee to open an email and install a malicious program.
Customizable Packages
All of our penetration testing is fully customizable. You can choose a comprehensive package that involves external and internal testing as well as social engineering, or you may select a smaller package with only one or two of the above components. We can also customize the depth of the testing as well as the length of the project in order to meet your specific needs.

