Penetration Testing
Leading Network Security Consulting Services
Our experts provide penetration testing Edmonton clients need in order to check the security of their external and / or internal networks on a regular basis. They provide a very unique approach in both identifying as well as validating weaknesses in your diverse environment’s security.
Your network will be profiled in a very low-impact, stealthy way that mimicks the techniques of an actual attack.
- Attempt to gain administrative access on a system that is compromised via through privilege escalation.
- Attempt to exploit vulnerabilities in databases, client-side systems, servers, network devices etc.
- Identify vital service, application or operating system vulnerabilities.
- Replicate an attackers attempt to alter, steal or access data on compromised systems in order to reveal the implications of an attack.
- You get a final detailed report that includes recommended remedies to vulnerabilities.
- In the end, your system environment will be retested – in order to ensure that any issues which were discovered are properly patched and secure.
We provide clients penetration testing services that assist in obtaining or ensuring compliance for your organization.
Methodology of Attack
- Gathering Information – gleaning background information on your organization in order to create a profile based on publically available (internet) information
- Perform a review of your network architecture utilizing the info that they have been able to gather about your network.
- Identify any user names and try attacks such as brute-force authentication on any of your devices or applications that are available on the internet.
- After enumerating network-available hosts our pentest specialists will utilize data from the internet to identify any services that might be available on the servers
- Create detailed network topology maps that help you understand where you can address vulnerabilities.
- Create a diagram of your organizations network architecture – which will show any access controls – which will be based on information from the previous steps.
- Perform network scans to identify any network hosts, clients or servers that are owned by your organization.
- Try to get access to your network as well as assess the actual depth that a network attacker can achieve.
- Depending on the level of test required, actual security assessors can visit your physical premises in order to attempt social engineering attacks.
Social Engineering
An organization can have excellent firewalls, spam filtering, desktop antivirus and more – but that may not be enough if the staff are not all trained in some basic I.T. security procedures as well.
In social engineering, a target is either manipulated via email or other digital means – or perhaps in person
An attractive young person comes to your front desk for example, and gives a decent story about being on the way to a job interview, but forgot their resume – would you be willing to just pop their usb stick into your computer and print a copy of their resume? They’d be very grateful.
…and then, perhaps have complete control of your machine – and the network it’s attached to.