Periodic PenTests should be an integral part of your information security program as they play an essential role in mitigating risks associated with your network and systems vulnerabilities. The primary objective of a PenTest is to gain access to your computer host, network or application using an authorized and systematic process of identifying and exploiting known security vulnerabilities. Our approach is based on “full-information” knowledge of the target network, including:
- Footprinting: Identifying public IP addresses possibly targeted by hackers
- Subnet Scanning: Identifying systems that may be potential targets for hackers
- Enumeration: Gathering information about the available attack routes
- Vulnerability Scan: Auditing discovered systems for known vulnerabilities
- Gaining Access: Penetrating systems and defining potential attack impact
- Collecting Evidence: Documenting successful unauthorized access or attack
Since penetration testing can impact a company’s operations, we work with management to determine whether the root-cause vulnerability should be fixed, or if they want us to attempt to penetrate the system. If we successfully penetrate the network, we would then perform “pivot attacks, ”a method that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, in an attempt to identify additional vulnerabilities to exploit from our new vantage point.
Because a PenTest follows the same tactics that an external hacker might use, it will not only enlighten you as to the systems and information that can be attacked, but will also offer you peace of mind that any existing weaknesses are uncovered and addressed long before they can be exploited.
For more information on PKM’s Penetration Testing procedures,, or to schedule a consultation, please contact Systems Partner Mike Morris at firstname.lastname@example.org or 404-420-5669.