InfoSec Advisors' Network Penetration Testing service looks at your network from the “OUTSIDE”, as a hacker would see it, to identify security vulnerabilities that may put your network at risk. This service may be engaged for a variety of reasons:
- You want the “peace of mind” that comes from having an objective third party look at your network and confirm that your information security policy has been properly implemented.
- You had a recent security breach and you want the vulnerabilities that allowed it to be corrected.
- You have an upcoming regulatory compliance audit and you want to make certain you are prepared for it.
Many of our clients use this service to audit the security profiles of their networks in the same way that they engage independent financial auditors to examine their financial records. The results of these audits can be used to confirm compliance with legal and financial regulations.
Engagement Objectives:
- Run network scanning tools from multiple remote locations to identify security vulnerabilities.
- Identify open ports on servers that could be exploited to attack your network.
- Identify servers running services that are not needed for specific business purposes.
- Identify website applications that could be attacked to compromise your network.
- Prepare recommendations designed to eliminate or mitigate the risks posed by identified security vulnerabilities.
Benefits:
An objective, qualified and certified third party examines your network from multiple remote locations on the “OUTSIDE” to identify security vulnerabilities posed by:
- Improperly configured servers
- Open server ports that are not needed for specific business purposes
- Services running on servers that are not needed for specific business purposes
- Website code that can be exploited for malicious purposes
Recommendations are presented to eliminate or mitigate the identified security risks.
Most Frequently Asked Questions
How do I engage InfoSec Advisors to help me with an external penetration test?
When you contact us about external penetration testing, a security consultant will meet with you to identify and understand your requirements. We will draft a statement of work that accurately describes the work that needs to be done at your organization. Our statement of work includes a timeline and the cost for performing the work. We will review the statement of work with you to confirm that it accurately describes the work to be done. After it is signed by both parties, the work is scheduled.
How often should I run external penetration testing on my network?
Most corporate networks are constantly changing to keep up with the requirements of users in the business units who need the network to perform their jobs. To ensure that a high network security profile is maintained, security industry best practices suggest that external penetration testing should be performed at least annually or any time after a significant change is made to the network infrastructure.
How are the external penetration tests performed?
One of our certified network engineers will run scanning tools on your network via Internet connections from multiple remote locations to simulate the way a hacker might collect data and design an attack against your network. These tools gather data, encrypt it and store it on secure servers in our data center.
Are the external penetration tests intrusive and will they have a negative impact on the performance of my network?
Absolutely not! Our network scans do not manipulate files or change data on your network, and they do not stress your network in a way that impacts performance. If you run an intrusion detection system on your network, it should alert you that scans are being run.
How disruptive are the external penetration tests to my normal business operations?
Our tests are not disruptive at all. We run them from remote locations so there is no need for our engineers and security consultants to be at your site. If you have a concern about the tests, they can be scheduled to run after hours.