NETWORK PENETRATION TESTING
Network Penetration Testing (or net pen testing) is a full hacking test against a computer network. Penetration testers will use all the same techniques as a malicious hacker to help identify weaknesses in the network. The report includes a detailed description of each finding along with recommendations to help improve the overall security of the network.
MORE THAN JUST AUTOMATED SCANS
TANNER’S PROCESS
Tanner follows a comprehensive process for every penetration test. Our hybrid testing process combines automated tools with manual testing to find hidden or previously unknown vulnerabilities. We understand that hackers constantly find new and creative ways to hack into a network, so we take the same approach during penetration testing. This is a key component of effective network penetration testing, because it simulates the mindset of a real hacker and provides more realistic test results.
Below are some of the methods we use as part of the manual testing process:
- Password Cracking (Brute Force/Dictionary)
- HTTP Parameter Tampering
- SQL Injection
- Protocol Poisoning
- Buffer Overflow
- Session Hijacking
- Network Service Probing
- Packet Sniffing
QUALIFICATIONS AND EXPERIENCE
Tanner’s penetration tests are performed by qualified, experienced security analysts, all of whom have earned industry-standard certifications. All engagements are led by an analyst with at least one of the following certifications:
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- Bachelor’s Degree in IT Security
SECURITY ON MULTIPLE FRONTS
Our network penetration testing services offer comprehensive coverage for both your external and internal networks.
External Network Penetration Testing
We test your systems from an external location. This simulates the actions of an attacker trying to break in from outside the network. External networks are attacked daily and need to be as secure as possible.
Internal Network Penetration Testing
We test your systems from inside your network. This shows what an attacker might be able to access if a device on the network is compromised with malware, or if the attacker places a rogue device on the network.
FAQS
WILL A PENETRATION TEST SLOW DOWN MY NETWORK OR AFFECT MY BUSINESS OPERATIONS?
Our team takes multiple precautions to ensure that your business operations and network remain fully functional during the penetration test. Our point of contact will maintain open and constant communication to arrange times when automated tools and more intrusive tests can be performed.
HOW OFTEN SHOULD A PENETRATION TEST BE PERFORMED?
While every organization’s needs are different, we generally recommend annual penetration testing to meet the requirements of various compliance standards. These annual tests will reveal any emerging vulnerabilities or hidden threats that could only be identified with thorough, regular, in-depth testing.
Penetration tests should also be performed whenever your network experiences:
- Significant software or hardware modifications
- Re-architecting of the network infrastructure
- Modification of IS policies, procedures, or processes
PENETRATION TEST DELIVERABLE
After each test is performed, we deliver an actionable report containing the following information:
- Executive Summary
- Testing Methodology
- Instructions on Recreating Test Results
- Detailed Explanation of Findings and Associated Risks
- Recommendations for how to address each finding
The report highlights the gaps identified in tests, along with Tanner’s prioritized recommendations for remediating the identified risks. The end result is an improvement in the overall security of the application. Our findings take into consideration the size of the company and the sensitivity of its data when determining the importance and urgency of each recommendation.
Unmatched Industry Experience
With Tanner, you gain access to:
- Industry analysts with valuable, relevant credentials, including Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP)
- Thorough security assessments based on knowledge and experience
- Post-engagement reviews (included in our upfront pricing)
- Complimentary access to a dedicated security analyst for a minimum of one year after any engagement
- Flexible test scheduling that helps prevent system interruptions