Internal and External Penetration Testing by UK Security Cleared Consultants
RandomStorm’s professional penetration testing service is focussed on identifying and assessing vulnerabilities that exist in your corporate networks. Delivered by world-class security consultants, the service provides you with a thorough analysis of your internal and external-facing hosts, identifying all critical vulnerabilities in the network from a hacker and insider attack perspective.
Our proven approach to penetration testing is based on industry best practice and project management standards broken down into five distinct phases:
The first phase is an initial scoping discussion to set the parameters for the project. This ensures that all the critical parts of the network that need to be included in the test are identified at the outset, avoiding potential problems later in the process.
Our consultants will utilise public domain information to collect information about your organisation and the network. Search engines will be interrogated as well as public records to try to collect information, which will help in the assessment of the target network.
In the case of an internal assessment, passive information gathering will also include sniffing wired and wireless networks in an attempt to collect network protocol information, addressing details, and user credentials.
Information discovered during the passive information-gathering phase is used to start probing the network, to map the network and identify the active hosts. Once the active hosts are identified, further probes are used to detect any open ports together with what services they are running, before using fingerprinting techniques to identify the operating system running on the host.
The assessment phase aims to check known vulnerabilities against the operating systems and services that have been identified as present in the network. Any medium level vulnerabilities and higher that are identified are manually confirmed, preventing false positives being reported. Attempts are also made to exploit common operating system vulnerabilities to check the level of privileged access that can be achieved.
It is important to note that RandomStorm will not carry out any checks that are considered 'unsafe' by the tools that are used. This also includes any Denial of Service (DoS) attacks. These service-affecting checks are disabled by default in all the tools that we use, but they can be included by request.
For services that require username and password authentication, our consultants will attempt to access these resources with both the default password and commonly used username and password combinations.
In practical terms, the assessment phase typically comprises internal, 'White Box' and 'Black Box' tests.
In white box testing, the customer will provide RandomStorm with full details about the network, and hosts that exist on the network along with associated addressing schemes. RandomStorm utilise this privileged information to carry out the relevant assessments. A white box test can be thought of as a test using similar information as an internal attacker would have. The information provided to RandomStorm would normally be available to an attacker on the inside. Therefore this testing provides a level of understanding as to the security threats posed from internal staff, and also any third party contractors who have network access.
Black box testing is the reverse of white box testing. In black box testing, the customer provides no detailed information to RandomStorm. All that is normally provided is the reason for the assessment and the requirements of the assessment. In these assessments, RandomStorm will carry out in-depth reconnaissance in order to gain the information required for progression with the assessment. This type of assessment is more realistic as to what an actual attacker would carry out. It is quite normal to mix and match these to meet customer requirements. A common package would be a white box internal assessment, combined with a black box external assessment. This would cover internal threats from employees and contractors/visitors and also external threats from members of the public who can utilise publicly available services.
At the end of the discovery and assessment phase clients are presented with an executive summary as well as a more detailed report. The summary lists the key findings along with the top ten recommendations for remedial action. A table of hosts is provided together with the total number of vulnerabilities identified at each severity level.
The full assessment report goes into greater detail for each host including the open ports identified, services available on those ports, identified vulnerabilities and remediation advice. Separate sections are included for any additional advanced assessments that were carried out and cross-referenced where applicable to the host assessment data.
Finally, once the executive summary and full assessment report are created, they are uploaded to the secure document area of the RandomStorm Customer Portal, StormPortal, for review prior to scheduling a de-brief meeting, normally within seven days of publication. The de-brief meeting is an opportunity for you to discuss any major issues arising from the assessment with the lead consultant, who will formally present the findings of the report.