Forward Back Home
Our ServicesProfessional MembershipsCommitments to StandardsContact Us
 

Sytems Penetration Testing
 

Hackers - stop their access to your business information by having Elefire Systems Penetration Testing Services identify any vulnerabilities before they do.

Elefire offers Systems Penetration Testing as an integral component to your organisations Information Security Management Systems (ISMS) in identifying and reducing the risks to your business. It can also assist in determining the state of readiness of your organisation to deal with a suspected or real incident.

The objective of an Elefire Systems Penetration Test is to masquerade as either internal or external attackers attempting to gain unauthorised access to your organisation's network. Initial consultation with your management team determines the tests to be performed, the boundaries of the test, limitations, specific targets and the designated timeframe.

A legal contract and Statement of Work specifying the pre-defined set of rules is provided and requires formal sign-off prior to the commencement of any systems penetration test. You can select any or all of the following System Penetration Test types:

  • External Attack - Simulate an attack from a remote, untrusted system by a hacker with no prior knowledge of your system.
  • Internal Attack - With some prior knowledge of the system, and working from a local, trusted host, attempt to compromise security and glean unauthorised information.
  • SysAdmin Attack - Disaster recovery test. Check whether you are able to deal with an attack from a high-level trusted user.
  

With the following levels of hostility:

  • Non-Destructive - Exploits will be found, and only exploited if they will not cause any harm to your system. This is advisable if the server being tested is live and customer facing.
  • Denial of Service - Attempts will be made to stop operational service, but should not cause irreparable damage.
  • Destructive - We will simulate an attacker who wishes to permanently cripple your system to the point of erasing data.

Broadly speaking, the pricing structure is outlined as:

  • Minimal - 2 days of testing will be undertaken. Suitable for small, simple systems.
  • Medium - 5 days of testing.
  • Extensive - testing time as required and as agreed; for large systems, or highly detailed tests.

When the tests are finished, we will provide the following:

  • A full report detailing verification of testing methods and all attacks performed.
  • The results of each attack divulging any vulnerabilities and security risks identified.
  • Detailed and practical recommendations regarding the improvement of network security and methodology directives concerning future protection against attacks.