
Our focus is to deliver the highest quality services, helping our customers achieve their goals
Network Penetration Testing
Which Penetration Test is Right for You?
Penetration Testing can include so many different elements that the first challenge is deciding which tests should be commissioned.
For companies conducting regular tests who wish to gain a greater understanding of Penetration Testing, and how to engage with security suppliers, we recommend our one-day Security Management course.
Matta has advisors who can help you scope the requirements based on your objectives, budget and timescale. In a perfect world, all the requirements can be met with the budget you had in mind. If this is not possible, however, we can suggest ways to gain the most benefit and prioritise activities.
External Penetration Test
Conducting a penetration test on the public-facing network is something most companies should consider doing at least annually. Apart from the obvious reasons of good compliance, it is important to supplement any vulnerability assessment (VA) work you may be doing with a full consultant-based Penetration Test to ensure that your network is truly as robust against an attacker as you think it is.
A consultant-based Penetration Test conducted by professionals may find issues that an automated test will miss. Although it is more expensive than an automated scan, the customer will have a high degree of confidence in the security of their network against a real attacker.
- Host discovery determines your 'footprint' on the Internet
- Comprehensive testing of all hosts on your DMZ
- Meet compliance requirements
- Identify common and less common misconfigured services, such as SSL certificates and VPNs
- Identify out of date software that needs to be patched
- Validate your actual firewall rules vs. what they should be
- Identify rogue services, such as 'handy' but insecure developer portals
Additionally, Matta will scan the client's IP range to discover or validate the known hosts, and will conduct a number of 'open source' tests looking for information about the company that a hacker would find useful.
Internal Penetration Test
Conducting Internal Penetration Tests has rapidly become a critical part of the Security Manager's requirements. For good reason too, as anyone who has had to face questions from their board after an incident can testify. The business drivers for internal network tests include:
- Ensuring access to sensitive data is restricted to authorised parties
- Validating the network's resilience to worm or virus propagation
- Securing third-party links, and ensuring they have access to only the services they are authorised to access
- Meeting compliance requirements
Internal network tests can be conducted to varying degrees of detail, and focus on different 'Attack Vectors'. An Attack Vector is simply a way in which we think an attacker might attempt a compromise. For example, using SQL querying tools to access a database in an unauthorised manner is an attack vector if your concern is ensuring confidentiality on your database.