An authorized way to bypass the existing complex of means of protection of the IS...
Penetration testing (penetration test, pentesting) - a method of assessing the security of automated systems (hereinafter - AS) or information and telecommunication systems (hereinafter - ITS) by partially modeling the actions of "external attackers" to penetrate (interfere with the work) in the AS or ITS ( who do not have authorized means of access) and "inside attackers" (who have some level of authorized access).
Specialists of LLC "SMART SOLUTIONS" have specialized education, many years of experience in the field of cyber security, as well as a creative approach in conducting penetration testing.
Specialists of LLC "SMART SOLUTIONS" have specialized education and many years of work experience in the field of technical and cryptographic information protection, as well as experience in designing and creating complex information protection systems in information and telecommunication systems (ITS) of various complexity, starting from automated first-class systems and ending with complex, distributed systems.
The essence of the "penetration testing" service is an authorized attempt to bypass the existing set of information system protection tools.
During the penetration testing, the role of the "intruder" is played by specialists of NVP "SMART SOLUTIONS" LLC, that is, specialists who must determine the level of security and existing vulnerabilities, identify the most likely ways of hacking and determine how well the means of detecting intrusions and protecting the information system from cyber attacks work. at the enterprise.
A penetration test allows you to get an objective assessment of how easy it is to gain access to the resources of a corporate network or a certain information system, in what way and through which vulnerabilities.
The main task of a penetration test is to fully simulate the action of an "attacker", which allows an authorized attack on a web server, an application or database server, personnel or a corporate network. Penetration testing can be performed both as part of a standards compliance audit and as a separate task.
When conducting a penetration test, the following tasks are solved:
• assessment of the current state of the information protection system in IS or IT;
• detection of information system vulnerabilities;
• using discovered vulnerabilities to obtain unauthorized access in order to demonstrate the presence of vulnerabilities for the information system;
• development of recommendations on increasing the effectiveness of information protection in IS.
Types of penetration tests:
| Social engineering | testing with the connection of the "human factor", the ability to clearly identify and receive confidential data and other information via the Internet or telephone (this group can include employees of the organization or any other authorized persons who are present in the local network of the organization); |
| Web app | is used to detect security vulnerabilities and other problems in several versions of web applications and services that are placed on the client or server side; |
| Network service | network penetration testing to detect the possibility of access by "hackers" or other unauthorized users; |
| Client part | the test is used to test applications installed on the client host / application; |
| Remote connection | тcreation of "vpn" or similar object that can provide access to the connected system; |
| Wireless networks | the test is intended for wireless applications and services, including their various components and functions (routers, filtering packages, encryption, decryption, etc.); |
| SCADA | testing of the System of automatic control and information collection. |
Penetration test steps:
Penetration test work includes a number of successive stages:
• Analysis of open sources;
• Instrumental scanning;
• Analysis / assessment of identified vulnerabilities and development of recommendations;
• Preparation of the report.
Test mode:
Both the external network perimeter and a separately launched service or host can be selected as the research object.
The test mode is selected based on the level of initial knowledge of the performer about the tested system (Black Box or White Box) and the level of awareness of the customer about the test (Black Hat or White Hat mode).
When choosing the Black Box level, the performer only knows the range of external IP addresses. This approach is as close as possible to the actions of a hacker, data about the tested object will be collected using open sources, social engineering, etc.
In the White Box mode, the performer has a much wider range of information. In this situation, specialists can be provided with documentation, source codes, network structure, as well as full access to the object under test.
Penetration testing can be an invaluable method for ensuring the information security of any organization. White-box penetration testing is often done as a fully automated, low-cost process. Black-box penetration testing is a labor-intensive activity and requires specialized knowledge to minimize risk to target systems.
Текст далі
Повний текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту
Повний текст текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту текст та опис продукту