Telspace Systems Services:
Telspace Systems can help analyse, detect and remediate issues throughout
your network. We specialise in the IT security field, focusing on Attack and
Penetration testing and Vulnerability Assessment.
Vulnerability tests are often used when conducting a network security audit,
which is defined as a:
• Manual or systematic, measurable technical assessment of the protective
measures taken concerning a computer network infrastructure and the
general accessibility and flow of information through the network.
A vulnerability test can therefore be defined as:
• A security auditing technique, used to identify and analyze general
security flaws that might exist within a computer network or specific host.
It’s a reasonable question to ask, “Is a vulnerability test feasible for my
business?”.
According to Bugtraq, a well known vulnerability database service, vulnerability reports have quintupled. From an average of 20 in 1998 to over 100 reports on new vulnerabilities are being made monthly. A joint survey conducted by the CSI (Computer Security Institute) and the Federal Bureau of Investigations revealed that:
• 90% of survey respondents which included medium to large corporations, government agencies and financial institutions, detected computer related attacks.
• 273 organizations reported a combined $265,589,940(US) in losses due
to cyber attacks. Vulnerabilities generally originate from the following sources:
• Bad Software Design
• Outdated Services
• Incorrect Application configurations
• Incorrect operating system configurations
• Insufficient Software Maintenance
• Bad Password policies
• Incorrect Access Control
• Malicious Software
• The Human Error factor
Automated Vulnerability Assessment:
• The primary purpose of our vulnerability testing program is to identify
known vulnerabilities resident in a host or computer network.
• Our vulnerability assessment tool can also provide concise information on the causes of discovered vulnerabilities as well as how to eradicate them (usually this is done in the form of external web links)
• Our vulnerability scanner should become part of a system administrator’s
arsenal, and enable the administrator to rapidly discover and mitigate
flaws in a network before an external attacker is able to exploit them.
Attack and Penetration Testing:
• A penetration test simulates a real attack on a computer network or a
specific host by an intruder, in order to evaluate its security and display
potential weaknesses.
Types of penetration tests include:
Full Disclosure Tests:
A full disclosure penetration test is conducted by allowing us complete access to
information about the target that would otherwise be unavailable to external
intruders.
Information that might be provided could include the targets location within the
organization (both internally and externally), various network diagrams and
source code.
• Partial Disclosure Tests
This can be considered a variation between a full disclosure and a blind test. Specific information might be disclosed about target(s), but not to the same level as a full disclosure test.
• Blind Test
A blind penetration test is a full attempt at simulating an intruder’s view of the target, and only information that can be acquired by an actual attacker is used to conduct the test. This is one of the most accurate testing methods available. It has been said that the best offense is a strong defense. This has never been more true than in context with modern information security practice. Knowing and fixing potential problem areas in your network today will stop those who wish to exploit those problem areas tomorrow. Contact us today and stay one step ahead! |
