Services/NPT - Network Penetration Test

Network Penetration Test (NPT)

Finding vulnerabilities in your own systems before somebody else does it is an important process for your own infrastructure security. A Network Penetration Test has the purpose of identifying the vulnerabilities, focusing on the major impact areas for the business.

A Network Penetration Test is oriented to the evaluation of network and systems security and configurations. It can be executed from the inside (Internal PT), from the outside (External PT) and with different levels of knowledge and access to the client's infrastructure and resources (Black Box, Grey Box e White Box).

So it's possible to simulate different sets of attacks. A Black Box external PT, for instance, aims to identify which damage can be caused by a casual attacker external from the organization, whereas a Grey Box Internal PT simulates an ill-intentioned employee.

ISGroup ISGroup is the ideal provider for your Network Penetration Test needs and acts with seriousness according to internationally recognized standards at the highest quality levels thanks to a steady commitment in the research area. Contact us to request a personalized preventivo.

Request a quotation for
Network Penetration Test (NPT)
Fissa un appuntamento

Or call us at
(+39) 045 4853232

scrivi su WhatsApp

Service NPT - Network Penetration Test

Description

Electronic trading, on-line B2B (Business-to-Business) and global connectivity, fundamental components of any successful business strategies, require that corporates adopt security processes and practices.

Most companies operate diligently in order to maintain an efficient and effective security policy that implements the most recent products and services to prevent frauds, vandalism, sabotage and DoS (Denial of Service).

Despite this fact, several companies don't put the right emphasis to a key ingredient for the success of a security policy: to verify that networks and security systems function as planned.

Network Penetration Test activities, using tools and methods to scan the network infrastructure in search of vulnerabilities, helps putting the finishing touches to a corporate security policy, identifying vulnerabilities and assuring that the security implementation really provides the protection that the company demands and needs.

Performing regularly Penetration Test helps companies to discover their network security weak points, that may lead to compromised or destroyed data and equipment by Exploit, Virus, Trojan, Denial of Services attacks and other intrusions. The analysis can exhibit other vulnerabilities that can be introduced from patch and updates or from errors on Server, Router and Firewall.

Network Penetration Test briefly:

  • Mostly exposed systems are analyzed for vulnerabilities from the outside or the inside of the network.
  • Identified vulnerabilities are then exploited in order to violate the network perimeter.
  • Internal systems are inspected for additional vulnerabilities that allow to obtain further access to data and infrastructures.
  • This process is repeated as long as it carries results.

Specifications of the Network Penetration Test service

The Network Penetration Test service is performed by skilled professionals according to internationally recognized methodologies, such as OSSTMM (Open Source Security Testing Methodology Manual, an Open Source guideline for the execution of security tests for infrastructures and cyber assets), suitable for the client's specific needs and for the attack area.

Each ISGroup service is personalized according to client's needs and can be integrated with our other services and products. A NPT can focus on purely technical items but can even be extended to people, processes (Social Engineering) and physical security aspects. The client will decide which are the most important aspects of the activity and where to direct the effort of the attack team.

All the most critical tasks and techniques are conducted by senior researchers to guarantee the maximum professionalism, so that there will be no damages neither to the infrastructure nor to the data.

Testing activity results are summarized and presented in the Report, a simple and detailed document formed by three main sections.

From the outside (External PT) or the inside (Internal PT) of the network and with the desired level of information chosen by the client (Black Box, Grey Box and White Box) to simulate different attack scenarios.

Network Penetration Tests Scenarios

ISGroup performs its own tests according to the following operational modalities:

Internal PT
Tests are performed within the business network.

External PT
Tests are performed externally from the business network.

Moreover, it is possible to diversify between Black Box, Grey Box and White Box testing, according to the information provided on the systems that we have to attack. Here are some examples and sets:

External PT Black Box
It simulates a casual or external attacker (such as a dishonest competitor) without access to specific information and access credentials to the company.

Internal PT Black Box
It simulates an attacker that has physical access (such as an external consultant o a visitor in a meeting room) or a remote one (such as a jeopardized secretary's computer) to the business network.

External PT White Box
It tries to undermine externally exposed components in order to understand which level of access an attacker can obtain to the other corporate assets.

Internal PT Black Box
It simulates an attacker that has physical access (such as an external consultant o a visitor in a meeting room) or a remote one (such as a jeopardized secretary's computer) to the business network.

Wireless Penetration Test
It tries to undermine the wireless infrastructure. It simulates an attacker that is physically close to a company's building where a wireless network is installed.

Social Engineering
Instead of attacking the sole technical aspects, the human component is attacked with manipulation techniques. We try to induce people to take actions or to reveal information.

Output

The Report is a simple and detailed document that summarizes the results of the activity and it is divided in three different areas, as described previously:

Executive Summary
It is placed at the beginning of the Report and it is no longer than one page. It consists in a non-technical overview, destined to Management.

Vulnerability Details
It consists in a technical part describing the discovered vulnerabilities and their impact in detail. It is dedicated to the Security Manager.

Remediation Plan
A technical section with detailed and precise instructions on how to resolve the identified problems. Dedicated to the System Administrator.

Working with us is pretty simple, just call the number (+39) 045 4853232 or send an e-mail so that we can get to know each other and discuss about your IT Security needs.

Request a quotation for
Network Penetration Test (NPT)

Publications

A brief collection of publications, materials and presentations that our staff members produced and presented during their career.

This is a demonstration that IT Security is not just a profession for us but also a great passion.

Our publications

Research

Research is a fascinating activity that puts the computer security expert always against scenarios and challenges. For years, even through our non-commercial embodiment, ush.it - a beautiful place, we dedicated ourselves to the publication of advisories, exploit development and bug hunting.

Our researches

Certification and Training

Thanks to the experience gained during technical activities performed so far, the results of our research and our knowledge of IT Security issues and solutions, we are able to provide different training paths for those who are in position to execute offensive (auditor, penetration tester) or defensive (network administrators, developers) activities.

The Training

ISGroup SRL
Via Cantarane, 14
37129 Verona VR
CF e P.IVA 04164220230
REA VR-397513

Contacts

Social Network

© 2005-2024 ISGroup SRL. All Rights Reserved.

Sitemap  Privacy Policy  Cookie Policy