Regular penetration testing is a valuable method of ensuring that your network services are secure and up-to-date and that your existing security strategies (Firewalls/IDS) are working. The process of penetration testing involves scanning and analysing your data centre or office internet connection to test for security vulnerabilities that could arise from misconfiguration, software bugs, or hardware problems.
Navaho are able to carry out automated non-destructive tests designed to ensure that any of your systems that are internet-facing are secure and do not have any obvious security problems. These tests will also highlight potential security risks (such as leaving SSH ports open) that are not immediately vulnerable but are potential attack vectors. Automated tests are ideal for picking up the following common problems:
Errors in firewall rules
Email servers relaying external email
New servers being deployed with unnecessary services
Systems that have not been fully updated with the latest security patches
Automated tests can be run on a weekly or daily basis, to give you as much notice as possible of potential issues. We can also perform tests on demand to check for issues arising from network maintenance.
We can carry out more in-depth tests, including trying common usernames/passwords for email gateways, testing web applications for common attack methods (SQL injection attacks, for instance) or performing more destructive tests that can cause systems to crash.
Involving a much more rigorous testing procedure, in-depth testing has a higher chance of impacting on system performance and availability, therefore we normally carry this out on services prior to deployment, or outside of normal working hours.
With the proliferation of internet connected devices and bring your own device (BYOD) employee working, the internal side of your network is just as vulnerable as the outside. To help ensure your internal network security is as good as the external security, we can perform penetration testing across your entire network using our SoHo Cage appliance as a remote test node.
For further information and pricing on security testing services, please contact us.