CougarSecurity

CougarPen-Test - true knowledge about your security posture

CougarPen-Test is a thorough quality check of your company's IT-security. You get the unbiased truth about security holes in your network, how severe they are and what you can do to close them.

We document our test results in an easy to read report, which gives you an exact status of your company's IT-security, and enables you to focus on security issues that are most important to solve first. CougarSecurity specialists review the report with you so you can ask questions and have a fruitful two-way dialogue on the issues at hand.

Extra thorough

Cougar's vulnerability expert team has developed some extremely thorough test methods, which include automated and manual tests, inspection as well as deductive analyses.
Our method includes built-in quality control. As far as we know, we are the only security service company that does manual checks for false negatives on all our CougarPen-Test sessions. Sometimes a tool or a manual test can fail to identify a vulnerability - we check to make sure we catch them.

Our elaborate vulnerability database ensures that we are fully up to date on all new vulnerabilities, and know how to test for them shortly after their publication. The CougarWarning database is a very valuable tool for us when we perform manual tests and analyses, and it is the most frequently and best updated of its kind.

Tailor-made testing

The content of a CougarPen-Test is based on your unique needs. Before we start any work we have a kick-off meeting where we agree on the expectations from the work we will be doing.

You can choose a traditional test, where we test a select number of your systems' IP addresses. Such a test will give you a good status of the IT-security of the chosen systems.

We can recommend this kind of test when you need to secure a new host, or one that has been reconfigured. This method can also be used on an IT-system that represents a number of identical systems, which could be a desktop or a server image.

Tests of complete IT-subnets yield better security

You can also choose to have IT-subnets and servers in your network identified before we do any testing.

IT-subnets are IP ranges that include the IT-systems and services that make up a logical IT-subnet. Examples are your DMZ, your internal network or parts of it, a VPN, or a wireless network segment.

When we test complete IT-subnets, you are assured that all IT-systems and services in the subnet are tested, and that there are no weak links in the chain that a hacker can exploit. This results in better security than the limited test of select IP addresses.

We discover your subnets by performing a port scan on your full IP range including the IP addresses you have been allocated by your ISP; we even check your domain names. The network is analyzed based on network drawings and the result from the port scan. We end up with complete knowledge of what data connections and trusted hosts are accessible.

The next step is to establish a test plan and review the results with you. During this pre-test review, we will highlight potentially unwanted or redundant systems and services in your network that should be removed before the testing is performed. This will enable a more efficient and affordable test.

How we test

When we test if we can break into an IT system, we use three basic methods.
First, we use a whole suite of automated tools, where we inspect the results for false positives and negatives.

Secondly, we perform in-depth manual testing, where we use our experience, creativity and proprietary tools to find new ways into your network. Again, our extensive up-to-date knowledge of vulnerabilities enables us to deliver the best result available.

Our attacks include Denial of Service (DoS) attacks that we perform during pre-agreed timeslots, as well as a number of thorough analyses that determine what the test results mean to you. We even do vulnerability database cross-checks that guarantee that we haven't missed anything.

Thirdly, we perform in-depth inspections, where we, for example, review your firewall rule sets and network configurations to determine if insider knowledge about your systems can be used to find loopholes in connection with a hacker attack.

You decide CougarPen-Test's depth

It's up to you how elaborate CougarPen-Test is. It can be any combination of our automated tools, manual tests and inspective reviews.

The sample attacks we perform with our toolbox will let you know if amateur hackers (script kiddies) or standard worms can penetrate your IT systems. The targeted in-depth attacks that we perform, using tools and manual tests, will let you know if the professional hackers and cyber criminals or new combined virus/worms can break in through your defense systems. Finally, when we add the inspective reviews you will know if insider knowledge makes you vulnerable to attacks.

When we have a good understanding of your IT-security needs, we will be able to suggest a test combination that will meet your needs and be most efficient for your company.

Supplemental test of web browsers and Virus defense

You can supplement with a Virus Defense test. Our normal Pen-Test focuses on vulnerabilities that can be compromised by hackers and worms. If you want to know if your company is prone to virus infections, we strongly recommend this service as well.

Another supplemental service that we offer is called Internet-Infection, where we test for vulnerabilities in browsers that make desktop and laptop users prone to virus infections, worms, spyware and adware when they surf the Internet. We help you check the browser configurations, so you leave the fewest possible tracks on the Internet, and avoid bringing dangerous files with you back inside your company's network.
 