Many times, firewalls or security devices are deployed in a network as a quick and cost-effective measure to combat hackers but their capabilities were barely or never tested. The number of security breaches recorded keeps increasing despite there are so many firewalls and security protections out there. What could be done to help evaluate the effectiveness and performance of your safeguards? Penetration testing is the answer.
Comprising five distinctive phases: Reconnaissance, Analysis, Penetration, Information, and Documentation, RAPID is a detailed and proven penetration testing approach designed by ECQ to offer the most systematic and effective way to evaluate the security of a network.
The problem with penetration test nowadays is that it cannot provide an organization with the visibility of security threats coming from many different angles. The penetration test either focuses in a single target IP or domain name or it covers only specific area of the entire infrastructure of the organization.
Scenario-based penetration testing provided by ECQ helps address the issue of limited threat visibility by simulating attacks from an external and internal point of view.
For an external network penetration testing, it is best appropriate to allow ECQ consultants to conduct all necessary hacking techniques against the organization from an outsider point of view. Examples of techniques involves in external network penetration testing are:
1. Wifi Hacking
2. Social Engineering
3. USB Dropping
4. Client Side Attack (Cocktail Hacking)
In this scenario, the Consultants will use their laptop connect to any LAN port given by the customer and attempt to gain access to any devices, servers, services, and applications across the given network.
This assessment scenario is similar to scenario 1 but with a slight different twist. The Consultants will be given a valid login credential while they attempt to infiltrate deeper to the network.
A workstation or laptop of the organization will be provided where ECQ Consultants can attempt to gain access or utilize this machine and penetrate through the network. This type of assessment will help evaluate any potential risk that could arise from a user workstation.