Penetration testing ("pentest") is a form of security audit which simulates the actions of an attacker. The goal of penetration testing is to detect vulnerabilities and possible penetration routes that could be used to gain access to the company's data and resources. During a pentest the techniques and tools of real attackers are used. A pentest can be performed from the Internet (external) or from the LAN (internal). Social engineering methods can be used as well.
A technical audit is an infrastructure audit which yields a lot of information about the object in scope and detects many weaknesses.
During a technical audit the following activities are performed: gathering configurations, interviewing administrators and responsible employees, log analysis, analysis of network traffic and network interaction, analysis of firewall rules, "action" checks, interface analysis, etc.
A technical audit can include an overall infrastructure review as well as analysis of specific components, such as: OS, DBMS, applications, network equipment, infrastructure services (web services, e-mail, DNS, NTP), mobile devices, virtualization systems and security facilities.
Expert evaluation is conducted using the recommendations of CIS, SANS, NIST and ISO together with our own experience.
Network analysis can be conducted in the form of an expert evaluation, penetration testing or a compliance check against specific frameworks (such as Cisco SAFE).
The following can be assessed: network architecture, security of network equipment configuration, security of network infrastructure management, compliance with best practices and standards, firewall and routing rules, security of network services and network traffic, remote access and external network interaction, etc.
The goal of a wireless network security assessment is to discover weaknesses in access points, 2.4 GHz and 5 GHz 802.11 wireless client devices, and the process of remote access to the corporate network.
When conducting external testing of VoIP systems we search for software vulnerabilities (in SIP services, web interfaces), default passwords, weak cryptography and configuration flaws which can lead to server compromise, illegal phone calls or eavesdropping. Software for SMS delivery and automatic calls, as well as answering machines with DTMF receivers, can also be tested. Internal testing implies access to the corporate LAN. Several additional network layer attacks can be performed (RTP traffic eavesdropping, illegal calls or other actions), along with configuration analysis of the PBX system, subscriber equipment, network devices, user interfaces and other components.
Load testing helps to assess the fault tolerance of applications or infrastructure under DoS or DDoS attacks from the Internet. Such attacks can exhaust network bandwidth, exhaust hardware or application capacity (CPU, memory, disk space), or crash the application.
During link layer attacks the target is flooded with a large number of packets (TCP, UDP, ICMP). Cloud solutions with huge network bandwidth (up to several hundred Gbps) are used to simulate a distributed botnet.
Another type of DoS attack is the application layer attack, which exploits weaknesses in web applications to exhaust server resources. In such attacks an application can be crashed even with a single request. While conducting this type of load testing the web application is assessed to detect performance bottlenecks (configuration mistakes, misuse of third-party components, business logic errors, etc.).