Penetration testing should be considered whenever control systems
are already in place and their functioning has to be tested. Penetration
testing also verifies that a business's Intrusion Detection System is
working as intended. In addition, penetration testing identifies vulnerabilities
in proprietary systems. Penetration testing takes place at three levels:

1. Initial testing is performed with only the information that an
outside intruder might discover: zero-knowledge testing.
2. The second level of testing checks for illegitimate or illegal use
of a machine by a legitimate user armed with the information
legitimately available to him or her.
3. In the third level of testing, the tester works as a well-informed
malicious individual with strong computer knowledge and access to
sophisticated tools.
The penetration testing methodology used by
ESTec ensures that all potential weaknesses are tested, including
all currently identifiable vulnerabilities. It stresses the application
in ways that the developers never expected. Where an application
exists on multiple machines (typical client/server architecture),
we test each machine and the communications channel between systems.
We also attempt to exploit 'features' of the applications to gain
unauthorized access.
Sample Case
Customer: Major American Power and Gas Utility
Services: Penetration Test the SAP Accounting system
Problem: The utility was preparing to convert all accounting functions
to SAP R/3. Management wanted to ensure that the controls in place
adequately protected the system, which would soon handle billions
of dollars in Receivables and Payables.
Solution: We conducted penetration testing on the accounting network,
including a penetration attempt from the Internet. ESTec then provided
a report detailing findings and recommendations. ESTec identified
more than 80 critical vulnerabilities, and recommended additional
control procedures to properly secure the accounting system. The
recommendations included a change to the firewall configuration.
Result: After completing the majority of the recommendations, the
accounting switchover took place, replacing an aging accounting
system with a new Y2K-compliant system.