“Let us find your vulnerabilities before anyone else does.”
A Penetration Test or Vulnerability Assessment is used to discover what an unauthorised individual(s) may be able to achieve when targeting your computer systems. Motives to attack you are numerous and include extortion, theft, or denying you the use of your system. The common denominator is a vulnerability which can be exploited. Let us find your vulnerabilities before anybody else does. It is imperative that your network is periodically tested by an authorised team to identify how an attacker would achieve their goals and allow us to recommend ways to mitigate the threats presented.
Computer Network Defence will work with the client to establish the scope of the Pen Test, this outlines the parameters of the test and defines exactly what needs to be tested and to what level the tests should be conducted, what constraints should be in place and how the test will be conducted. The Pen Test scope will also notify the tester about what must not be tested.
This involves passive and active discovery of your visible network assets, this will also allow us to confirm the scope of the Pen Test. The standard package is a weekly out of hours scan, the report is emailed to the client. Once per month an irregular scan is performed, this is analysed by CND and the client is briefed on any salient points.
There is a small risk of outages when undergoing a Pen Test and whilst we do all we can to minimise these risks, they remain present. It is highly recommended that systems are fully backed up prior to the Pen Test commencing. It should also be considered, that if an authorised Pen Test causes an outage, then an attacker could do the same when you least expect it, an authorised Pen Tester would also be able to shed some light on what might have caused the outage. The riskier elements, or indeed the entire Pen Test can be performed out of hours, in the evening or weekends if required.
A Pen Test always culminates in an understandable report detailing findings and what can be done to mitigate any identified vulnerabilities.