eScope Solutions offers External Penetration testing for those clients that would like more in-depth information than can be achieved with a basic vulnerability assessment. A vulnerability assessment may reveal a risk while a penetration test explores the risk and attempts to exploit it. In this manner, management will be advised if the risk is an actual exploitable vulnerability. Our Penetration Test Assessment uses a comprehensive and intelligent approach that includes a unique roadmap. Here is a brief explanation of the key points:
Reconnaissance- Identification of all external (Public) facing IP address. eScope Solutions’ Pen testers gather information about the client’s external network.
Discovery- Port scanning, fingerprinting of operating systems, and version info
Research and Evaluation- Testing for vulnerabilities, password guessing, and manual checking of services
Manipulate and Exploit- Manipulate the found vulnerabilities and attempt to exploit them
Report- on findings.
Comprehensive testing will include port scanning, OS identification, service detection, password cracking/guessing, web vulnerabilities, and configuration errors. eScope Solutions’ Pen Testing Team uses a blend of field experience, leading edge open source tools and commercial utilities to accurately gauge points of vulnerability in your network systems.
Even the best firewalls, routers, intrusion detection and network servers can be vulnerable with a flawed security configuration. Real peace of mind about the credit union’s Data Protection can be achieved only by rigorously testing the effectiveness of your network safeguards. All testing is performed remotely from eScope Solutions’ SOC.
Reports & Review
eScope Solutions provides a comprehensive report with all vulnerability findings and exploiting vulnerability conclusions delivering both an Executive Summary and a Detailed Technical sections. The report includes descriptions of all detected vulnerabilities, their level of severity, what devices are affected and all findings and conclusions.
eScope Solutions provides a brief overview of our report as part of this service. If additional support assistance is needed eScope provides remediation services through our Network Support Agreements.
| Penetration Testing Packages | Standard | Premium |
|---|---|---|
| Assurance level | Simulates the basic (drive-by) hacker or "Script kiddie" with limited time, tools and skill sets that might not be targeting you specifically. This hacker may stumble upon your external IP during a sweep and will focus little attention to you unless he notices an obvious security problem. | Simulates a professional hacker that will pose a persistent threat to your organization that has more time, tools and is more skillful in his hacking techniques. This hacker has intent and wants to find weaknesses to exploit in order to gain access to your private network. |
| Analysis Duration | ~10 Hours | ~ 30 Hours |
| Reconnaissance Phase | ||
| Informational Assets | No | Yes |
| Content Scanning | No | Yes |
| Foot Printing (Vulnerability Assessment) | ||
| IP Determination | By Client | By Client or Discovery Scan |
| Ports Analyzed | 5,000 Ports (most common) | 65,535 Ports |
| Protocols | TCP & UDP | TCP & UDP |
| Privileged Scanning | No | Yes |
| IDS/IPS Evasion | IPS must be disabled | IPS disabled or enabled |
| Network Devices | Yes | Yes |
| Exploit / Intrusion Phase | ||
| Exploits Utilized | Known Exploits | Exploit Research as Required |
| Password Cracking | None (commonly known) | Yes |