Penetration Testing
Penetration testing attempts to penetrate a network or application
to demonstrate the vulnerabilities and risks that exist within
an environment. There are two versions of a penetration test
to consider. What distinguishes them is the amount of
knowledge and cooperation the organization provides to the
testers.
Zero Knowledge
Zero Knowledge penetration testing is a no-holds-barred attempt
to penetrate a company's infrastructure and can include social
engineering, malicious code, direct network attacks, extensive
scanning, and the exploitation of both known and unknown
vulnerabilities. The testers are provided with no information
("Zero Knowledge") concerning the client's infrastructure.
In the end the tester will leave a "muddy footprint"
to prove exploitation and will document the exploits. Training
may be conducted on how the penetration was achieved.
This type of testing is used to give a "real world"
view of the current state of security in an organization. The test
is not comprehensive: the recommendations will center on fixing
the specific problems that were found.
Cooperative
Cooperative penetration testing is where limited information
is given to the testers and boundaries are set up to
ensure that no damage is done; activities are coordinated
with the customer to a degree that depends on the scope. Benefits
include: testing can be coordinated to meet operational requirements,
exploitation of vulnerabilities can be limited to non-destructive
techniques or to exploits that do not impact uptime commitments, and
better information is gathered, so the findings are more complete.
Penetration Testing Requirements
Penetration testing needs to have upper management support,
a signed "Hold Harmless Agreement", good backups,
a finely tuned scope of work, and a communications plan for
coordination between testers and clients.
Hudson Business Networks
Hudson Business Networks has performed penetration testing
for several large organizations, government agencies, and
corporations. Our team of security personnel can customize
the penetration testing to meet an organization's security
goals.
© 2003 Hudson Business Networks