Main Office: 01334 650838
  • News Roundup
    23 June 2010
    More businesses benefitting from our IT Support......
    read more
  • Microsoft Exchange
    20 April 2010
    Completed extensive Exchange deployment......
    read more
  • Arts Website
    18 March 2010
    The launch of Hospitalfield's new website......
    read more
  • Network Design
    15 January 2010
    Current project involves networking right from the basics ......
    read more
  • New Websites!
    10 September 2009
    The launch of three new large websites ......
    read more
  • Dundee Heritage
    06 July 2009
    Another long selection process, we now support DHT
    read more

Aerovision IT Company News

Penetration Test/Security Audit

Posted 18 January 2009

<< Previous | Next >>

Last week we conducted a thorough Penetration Test for an Edinburgh based retail company.

The primary area of concern for this particular company was the integrity and security of data held on their Servers.

We conducted the test as a well planned staged event.

First of all prior to arriving onsite we attempted to gain as much information as possible about the company and its business from the public domain. This highlighted a couple of possible vulnerabilites related to Social Engineering.

Then we arrived onsite and initially checked for any Physical Security problems, again some more issues were quickly determined which could lead to the Server hardware itself being compromised.

The Penetration Test quickly escalates to Network Mapping and Aggressive Scanning of the company LAN in an attempt to simulate malicious software installed on any of the company's Workstations.

From this we were able to formulate several attack patterns against their Servers which enabled us to retrieve data and ultimately compromise all security.

Various techniques were used, but primarlly the aim was to retrieve User Account and Password Data which could then be used to access the Servers. However, due to obvious restrictions, we do not actually finalise these attacks, nor do we attempt to damage or steal any data ourselves!

Ultimately once we know where the weaknesses are, we can then advise on an in-depth solution to prevent any future security problems.

 

Copyright © 2010 Aerovision IT, Fife, Scotland. All rights reserved.
Outsourced IT Support | Website Design | Information Security | IT Training

rss   |   site   |   blog   |   login