|
Caution!
If you suspect you are under technical
surveillance,
and wish to discuss having your phones or computers
swept for eavesdropping implants, please DO NOT
call/email us from a suspect terminal - instead use a
mobile phone not normally associated with your place
of work (see FAQs, in Resources section, for further
information on technical surveillance threats). |
 |
 |
| |
|
|
|
 |
|
Introduction
Network Penetration testing, colloquially
known as 'PenTest', is the art of determining and
exploiting, without causing damage, client networks; the subject
is more 'art' than science as success is often down to the
right mix of experience, chance and 'gut feeling'.
NetPen's subsidiary function of Vulnerability Assessment
(VA) is similar but seeks to employ mainly automated
software tools to identify vulnerabilities within the
network without proving their viability as an attack vector.
Conduct
Hereford InfoSec is able to
undertake wired and wireless (WLAN) NetPen and VA,
using EC Council Certified Ethical Hacker (CEH) qualified
personnel, using a combined Red Team/Blue Team
methodology (Red external to the network, operating
'blind' and Blue internal with intimate knowledge of
the network architecture). PenTest are usually undertaken
according to the Open Source Security Testing Methodology
Manual (OSSTMM), again using qualified (OPST/OPSA) personnel,
ensuring both high standards and consistency of
testing.
|
|
|
