Information Security Organizations trends are becoming increasingly reliant upon information technology in

Transcription

1 DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: Visit us: Protect Your Business. Get Your Service Quotations Today! Copyright PT. Spentera. All Rights Reserved. 2011

2 Penetration Testing Service Overview Information Security Organizations trends are becoming increasingly reliant upon information technology in all aspects of the business enterprise. Many n organizations, including government, military, businesses, educational institution and industries, are counting on increased connectivity, availability of systems, and open environments for increased productivity, flexibility, and growth. However, computer systems are interdependent entities; this interdependence brings new security challenges, vulnerabilities, accidents, criminal behavior, and malicious activities. The rapid expansions in the n Information Technology sector has resulted in a corresponding increase in demand for information technology specialists in the national workforce, especially for specialists with technical skills in information/computer assurance and security. Many security tasks are not being adequately performed due to lack of personnel. The pervasive nature of the problem is evidenced by several recent reported security breaches. Spentera Penetration Testing services or ethical hacking is an exercise that attempts to simulate the techniques adopted by an attacker to compromise your systems. It helps to highlight those vulnerabilities which could be exploited by a remote unauthorized attacker. Our penetration testing service is a highly creative, out-of-the-box engagement, and often results in new vulnerabilities being discovered or a new tool being developed from such an exercise. Features Spentera validates the control and implementation of existing security and risk measures by performing demonstrations of activities that are unknown in the networks, systems and attacks on application as part of a security testing in a safe and controlled manner. When testing is complete, you will receive detailed maps that prioritize security weaknesses in systems and networks environment of your application. Determine weakest points of the system and network infrastructure from the external or internal view. Reducing the security threat to information systems, networks, and use of applications within the enterprise. Using combination of hacking techniques which is done manually or by using commercial tools to produce accurate output. Spentera prioritizes the quality and maximum results for each findings We use the best known world methodology to satisfy the entire penetration test process, such as PTES and NIST SP All the penetration testing processes are conducted by our experienced people. Spentera uses In-Depth Vulnerability Analysis techniques, which means closely analyzing all vulnerabilities discovered in the process of penetration testing. We will deliver the comprehensive report including the executive summary, technical summary, and technical detail of each finding. If requested, we will do a live demonstration of our findings. PT. Spentera is a company registered in. Page 5

3 Benefits Spentera penetration testing helps protect your organization against threat: By conducting penetration tests, you can quickly fix the existing vulnerabilities. We produce accurate and high quality examination. You will get the results of comprehensive report including a detailed explanation of each weakness. Our service can be tailored to the client needs. We will protecting your company integrity and brands. By conducting penetration testing, you already take one step ahead to prevent loss to your business. Penetration test will raise the information security awareness. With the penetration testing results, you can produce the best information security strategies to protect the company assets. Helps to achieve and maintain compliance with federal and state regulations. Technical Information Spentera dividing the stages of penetration testing into eight sections and each step has a unique hundred combination of attack vectors (except the adjusting scope) Adjusting Scope Adjusting scope is a process to determine the boundaries of what are included in the process of penetration tests, such as networks boundary, IP addresses, servers and others, including the necessary procedures against it. Information Gathering In this process, Spentera experts will gather detailed information about the target network. Usually dig in public sources, such as newsgroup, search engines, forums, or the WHOIS database. The purpose of this process is usually to map the information about the target, thus forming clear information about the design and structure of the target networks. Target Identification During this phase, Spentera s consultant will identify as much as possible whole systems linked with the target, such as mail servers, firewalls, web servers, IDS/IPS(s), etc. This phase is intended to find a way commonly used by malicious users and intruders as a way into the system. Target Enumeration After gathering information and target identification stage has been fixed. Target enumeration move one step further to fully identify the proper networks topology, operating systems with their patch levels, application versioning, and open ports on the target system. Vulnerability Mapping This phase of engagement mainly deals with the profiling of target environment for known, private and unknown vulnerabilities. Technically, it is divided into two phases: PT. Spentera is a company registered in. Page 6

4 Vulnerability Identification Based on the findings of the previous enumeration, Spentera team will conduct further testing on the results of such enumeration. Testing is done by comparing the version of the application / operating system, system configuration, or implementation of wrong system with known vulnerabilities. If the vulnerabilities is not found in the list of known vulnerabilities, so our team will conduct further experiments to ensure that there are no vulnerabilities in the application / system. Our team is equipped with a script or adequate equipment to conduct in-depth security testing. Vulnerability Analysis Before the real world exploitation executed, Spentera team will examine closely and carefully all vulnerabilities that could cause environmental hazards in the production system. If the vulnerabilities that discovered is a critical vulnerability, we will immediately notify the client without waiting for the testing process completed. So that the client can immediately take necessary actions. Exploitation In the final stage of penetration testing, client infrastructure will be assessed by examining the most severe security vulnerabilities and to measure the vulnerability that marked as critical. Our team will try to gain access using a set of exploit scripts that are divided based on the exploitation of vulnerabilities discovered earlier, this is to ensure that all exploitation of the script matches the target environment. Post Exploitation Once the target has been successfully exploited and acquired. Spentera team can use this owned platform to launch further attacks into the networks that is inaccessible from outside. Our team will repeat the process of target identification, enumeration, vulnerability mapping and exploitation again and again until our team could not continue compromise any further. Social Engineering Humans are also part of the system, so that the scope of security testing should involve the human factor. In security testing, human factors is the weakest link, so it can be easily exploited. Spentera team will use social engineering to obtain more information about the target, such as , phone numbers, forums, and more. PT. Spentera is a company registered in. Page 7

5 Adjusting Scope Final Report & Deliverable Information Gathering Post Exploitation Penetration Testing Target Identification Exploitation Target Enumeration Vulnerability Mapping Compliance Spentera's Penetration Testing service can meet the requirements of many standards and guidelines in relation to information security. Our Penetration Testing team has working knowledge of the following standards and attempt to exceedingly meet their requirements. Bank Regulation No. 9/15/PBI/2007 Implementation of Risk Management in the Use of Information Technology by Commercial Banks Regulation of Bank Number 9/15/PBI/2007 states that all banks under the auspices of Bank shall perform risk management practices in their IT environment. The policy consists of several articles that determine how banks should monitor and manage IT risks related to building good governance in the banking sector. To fulfill the regulation policy, we provide the following services (as illustrated below): PT. Spentera is a company registered in. Page 8

6 Penetration Testing Managed Vulnerability Service Live Incident Response Sales Inquiry To find out more about detailed of each service related to pricing, please contact our agents will be happy to assist you. Contact To find out more detailed information of each service including to pricing, please contact our agents will be happy to assist you. PT. Spentera is a company registered in. Page 9