ATIA Ltd company can check the security of your systems and services that you offer to your customers. One of the ways that we do check the safety of your system or service is by using the Penetration testing.
What is a Penetration Test?
Penetration test is a method of evaluating computer system security by simulating an attack of a malicious user (hacker). The process involves an active and detailed analysis of computer systems in search of possible oversights in design, implementation and maintenance. All detected oversights are cited in the Report at the end of the testing together with a probability and possible consequences assessment as well as with risk reduction suggestions. Upon presentation of the Report we will provide answers to your questions, and together with your IT experts develop a strategy for security improvement.
Why Take a Penetration Test?
From the business point of view, penetration testing with its proactive and prevention measures helps you ensure your company of the following risks:
- Financial losses due to embezzlement (hackers, extortionists or dissatisfied employees) or unreliable business systems and processes
- Demonstrate great attention to computer security, in accordance with industrial regulations, and the demands of your clients, business partners and shareholders. Negligence can cause serious damages manifested in the form of a sudden break of collaboration, paying of hefty fines, damaged reputation or utter ruin. At a personal level consequences can be the loss of employment, a law suit and sometimes even a prison sentence.
- Protection of personal reputation by avoiding losing any of the clients’ trust and business reputation.
What to Test?
Security tests can involve every segment of your company that receives processes or stores digital data. The most commonly tested areas are:
- Network servers (open to the Internet plus internal servers)
- Work stations (PCs or laptops) used by your employees
- Customised computer systems (dynamic stations, internal applications…)
- Computer networks and network equipment (including wireless networks)
- Security measures (or the lack thereof) which should be applied by your employees
- Physical security measures (access control, possibility of unauthorised access…).
Ideally, you have already performed a risk evaluation and are already aware of the possible most damaging areas (e.g. communication breaks, computer system shutdowns, loss of confidential information, unauthorised data modification…), so now you can by penetration testing identify those security oversights which could allow for damage to actually occur. If you have not performed a risk evaluation, it is standard to start with the most exposed areas (servers open to the Internet, web sites, email servers, remote access servers…). Prior to admission of penetration tests we perform a liability check on the basis of which we can recommend.
How to Test?
In compliance with your requests, made upon advice of our experts, several tests types are available:
- ‘Black box’ test
- ‘White box’ test
- ‘Gray box’ test
What Do You Get In Return?
Although while testing and during the analysis of the results we invest a considerable amount of effort and technical skill, true worth of a penetration test lays in the Report which we deliver at the end. For if the Report is not clear or comprehensible enough, all the invested effort is of little value.
Even after successfully completing the penetration testing, you can still relay on our help in the time to come:
- Creating your security policy
- Periodical liability checks
- Implementation of PKI infrastructure
- Consultations during implementation of the new components to your computer system
- Implementation of a complete security system
- Education (of computer engineers and other employees)
- Emergency interventions while and after the security incident
- Computer forensics services.