Our network penetration testing & security audit services are conducted by skilled professionals
using the latest tools, best practice and our own proprietary testing techniques.
|The tests we can conduct include:
||Do you know what your network looks like? Using a combination of tools and experience, we
discover the network structure and map your network. We disclose the network perimeter, highlighting third-party connections.
Our discovery service includes a review of router and switch configuration, passwords and SNMP community strings. We investigate
third-party connections, dial-in and dial-out facilities, firewalls and edge routers, and set the stage for subsequent penetration
tests and vulnerability scans.
|Network Penetration Testing
||If we can get in, so perhaps can the bad guys... We penetration test your network by connecting
on site and attempting to gain access to local and third-party resources. Initially we work without a legitimate logon, then as a
standard (non-privileged) user and finally as a privileged user. In all cases we attempt to exploit the information gained in the
network discovery phase. We target customer data, personnel, financial and payroll information. We also attempt access to other
networks by "piggy-backing" from your corporate network. During this exercise, we also review your standard workstation
configuration (operating system, Internet browser, e-mail, etc.) for important vulnerabilities.
|Network & Server Security Audit
||Who - or what - is the weakest link? Using professional analysis tools and staff interviews we analyse
your corporate network security profile. We produce a detailed report of weaknesses and an action plan to remedy them. We find redundant
accounts, well known admin accounts, easy-to-guess passwords, excessive file permissions and much more. We review the security configuration
of a number of sample servers, including account policies, rights and permissions, audit logs, administrative accounts, service accounts,
patch levels and published vulnerabilities. We also penetration test a sample of servers, recommend modifications and improvements as necessary.
|DMZ Server Security Audit
||This service provides a thorough on-site security audit of your DMZ servers. In addition to platform
security configuration analysis and internal penetration testing, we can also conduct interviews and physical inspections. We review the
security configuration of your servers, including file systems, directory design, rights and permissions, change control, and audit logs. We
recommend modifications and improvements as necessary. We also penetration test your servers and firewall from the DMZ and internal network
|Firewall Rules Review
||We examine your firewall rules and configuration to ensure that the rules reflect your business requirements.
We check what is permitted and what is denied, look for excessive access and ensure that the rules are in the correct order. We highlight missing
descriptions, duplicate or conflicting rules and weak configurations.
|IDS/IPS Penetration Testing
||Intrusion Detection and Prevention Systems offer great benefits, warning and defending against attacks,
but are frequently complex to configure and test. With the constant increase in threats and attacks it is critical to confirm that your IDS or
IPS is protecting you against those threats. We test your Intrusion Detection or Protection System in a controlled, repeatable and safe manner -
even across production networks.
|Wireless Security Testing
||Please see our Wireless
Penetration Testing page for further information on this service.
|Workstation Security Testing
||This is conducted on site against a sample of workstations of your choosing. We attempt to circumvent local access
controls to simulate an attack by an unauthorised user such as a visitor or cleaner. We also conduct a full audit of the workstation build, using
credentials you provide us. We investigate what a typical user can do and whether your security controls are truly effective. This exercise will
assist you in improving your build standard, policies and procedures. This type of testing can also be done as part of a social engineering
excercise. Please see the item below.
||Effective network security is as much about people as the technology they use or are responsible for. But how vigilent are
your people at protecting your organisation and its information assets - how secure is your "human firewall"? We can find the areas of weakness in
your staff awareness, policy and procedures - providing you with valuable information for a security awareness and training campaign, which we could also
undertake, that is tailored to your organisation and its culture. Please see our Social
Engineering page for more information on the services we offer in this area.
|Security Awareness Training
||We mentioned above that people are really what makes security work. We can also help you with your security
awareness campaign and training. Please see our Security Awareness Training
page for more information on the services we offer in this area.
|Remote (home) Security Audit
||We can review and provide assistance with your policies for home and mobile workers and audit your remote working practices.
If appropriate, we can undertake war driving and wireless audits in the vicinity of a staff member's home (with their knowledge) in order to review the opportunity
for information leakage. We can also undertake remote access and VPN testing to review the security of these potential backdoors into your organisation's
network infrastructure. Deliverables include detailed reports illustrating vulnerable areas and advice and guidance on improvements.
At First Base Technologies we pride ourselves in being with you every step of the way in securing your network and associated infrastructure from attack.