External Penetration Testing
To identify an organization’s security weaknesses, all systems, components, and security mechanisms of the external Internet-facing network infrastructure must be examined and tested. AaSys Group’s Penetration Testing Program follows a five-step process:
- The engagement starts with a security topology review, which analyzes the security architecture to ensure that the organization is provided with a comprehensive, multi-layer defense that is incorporated throughout the enterprise.
- The next step is to look at the environment from the hacker’s view (i.e., outside looking in). AaSys Group identifies vulnerabilities in systems that may allow access to the private parts of the institution’s network, allow a denial of service to be performed on the network, or allow information to be obtained from the institution’s private network that should not be available outside the unprotected network.
- A risk assessment and analysis are then completed to understand the potential impact of loss from a successful attack as well as the vulnerability of the device to an attack.
- The active exploitation stage follows with attacks on each vulnerability.
- Finally, reporting is prepared that includes guidance on mitigation of discovered weaknesses.
Internal Penetration Testing
Without adequate protection, your organization can be easily compromised, resulting in anything from a minor inconvenience to a breach that seriously harms your operations and bottom line. While unauthorized individuals gaining access to systems and data is concerning, more nefarious is the insider attack. Insiders may be authorized to bypass all of the security measures to perform their daily duties. Because insiders are legitimate users of their financial institution’s networks and systems, sophisticated technical capabilities are not necessarily required to carry out an insider attack. On the other hand, technically capable insiders are able to carry out, and have carried out, more sophisticated attacks that can have a more immediate and widespread impact on financial institutions.
The internal penetration test is completed using an assortment of tools and scans and will provide visibility into services being run, default passwords being used, web directories and web services, and lapses in computer patching.
The only way to achieve 100% confidence that systems are secure is through testing.
Internal and External Penetration Testing will allow your institution to identify vulnerabilities…before hackers find and exploit them!