SystemExperts never outsources nor subcontracts this work. We never use hackers, and we never leave systems in a less secure state than when we found them (no back doors) - many other firms cannot say the same.
SystemExperts regularly performs several types of penetration testing. For each of the testing scenarios described below, our reports focus on concrete and practical measures you can take to address any deficiencies we might find.
Contact SystemExperts to learn more about our penetration testing and exposure profiling services.
Some of the testing scenarios we frequently perform include:
(also known as Tiger Team Attack or White Hat Penetration Testing)
As a skillful outsider on the Internet, we focus on vulnerabilities related to TCP/IP protocols and services. We specifically look for problems in your DMZ or firewall setup, the configuration of your systems, and unauthorized access to resources in your environment. In this test scenario, we will attempt to gain administrative privileges on systems and see if we can reach data.
Learn more about our Penetration Testing and Exposure Profiling. View our Technical Tutorials online.
While Internet-based attacks get the headlines, hackers continue to use direct dial attack techniques to do significant damage to companies. By systematic dialing and analysis of your telephone resources, we will assess your exposure to this classic form of hacker attack.
Learn more about Dial Exposure. View our Wardialing white page online.
Many organizations deploy standard builds to support key Internet accessible services or environments. These builds typically consist of class of computers, an operating system configured in a particular way, and a set of layered software products. Fully understanding the security profile of your standard platforms is critical in understanding the security profile of your enterprise.
In other cases, organizations deploy mission critical applications on a hardware and software platform outside the firm’s technical expertise. Assessing the security hardening of these critical systems makes sense.
Learn more about System Hardening. View our Windows Hardening white page online.
Large organizations often lose track of the IP-based services they are exporting to the Internet. Periodic remote scanning of their external address space enables them to better manage their exposure by eliminating unnecessary security vulnerabilities.
SystemExperts will remotely scan your external IP address space for IP-based services accessible from the Internet. For each IP address scanned, SystemExperts will look for service availability on well-known TCP and UDP ports and we will categorize whether service availability is either open (reachable) or closed (not reachable). The deliverable is a spreadsheet containing the IP Services Inventory.
Some of our clients stop at this point and remove any unexpected/unnecessary services that we found. Others prefer more closure. After remedying the problems, they provide us with a Re-scan List. SystemExperts then remotely re-scans the IP addresses in the Re-scan List and updates the IP Services Inventory spreadsheet to reflect any changes.
Firewall rules tend to grow by accretion; changes to the rules are made to support the evolving needs of the business and they tend to accumulate over time. Too often, the rule set grows too large to be readily understood. Too often, later rules contradict earlier rules. Too often, a particular business need that required a specific opening in the firewall, no longer exists but the opening remains as a historical artifact. SystemExperts will work with you to document how the firewall should function and review the configuration to determine if the configuration is consistent with the expected behavior.
Peace of mind at an affordable price - You'll be able to sleep at night knowing a team of our network security experts is on your side and watching your back.
Cost-effective compliance services in HIPAA, PCI, and ISO 27002 - working with you to achieve business-practical results.
We’re different – a long term perspective pervades everything we do: quality and responsiveness; staffing and business practices; fixed price engagements; experts and only experts.
Compliance with regulations and contracts is forcing organizations to develop documented security policies.