Penetration Testing & Vulnerability Assessments
Documents, Passwords, Email, Employee Records, Product Development — These are Susceptible to Attack and Theft
- How is your email secured?
- Should it be outsourced?
- Does your company have critical information exposed via the Internet?
- Will you be in the news tomorrow?
Information is power. People will do many things to acquire information. This can include the theft of individual identities, industrial espionage, and divulging newsworthy information to organizations like WikiLeaks — even posing as an innocent contact to get just enough information to break into your company. Sometimes a hacker doesn’t want information, but wants to create chaos in the organization by implanting a malicious virus or worm. These are nightmare scenarios for CEOs, CIOs, and CISOs throughout the world.
Security for mobile technology has yet to mature, leaving many organizations struggling with protection for their mobile networks. As experts in mobile security, the Enet 1 Group ensures your mobile environment has the highest level of security available. We will work with your Executive Team and all key personnel to provide peace of mind in the hazardous world of IT.
Tim Smith, founder and CEO of Enet 1 Group, has spent his career identifying the latest, most effective technologies to fight data theft, whether the theft is intentional or accidental. The prevention of data loss and the development of secure systems and networks is our chief goal at Enet 1.
In any company, it’s imperative to periodically test for security holes, both internally and externally. Fortunately, next-generation firewalls show promise in reducing these holes, but the firewall is not the only way a network can be invaded. Intrusions can come in many forms, often not the midnight hacker you might suspect. Identifying these weaknesses must cover multiple scenarios.
There are 4 phases of testing:
» Phase 1: Passive Data Collection — This is the information-gathering phase; it tests applications as well as networks, both traditional and wireless*:
- Web searches and newsgroup browsing
- IP scanning and SNMP sweeps
- Network mapping with traceroute and other tools
- Initial target identification
- Ethical hacking of key communications services, operating systems, and network equipment
- Social Engineering (if allowed)**
» Phase 2: Active Intrusion — This phase analyzes information gathered in Phase 1 and the early stages of Phase 2:
- Vulnerability scanning
- Port scanning
» Phase 3: Report Vulnerabilities and Steps to Mitigate — After evaluation, detailed reports are prepared and sorted by risk, usually color-coded for priority. These reports include the steps required to mitigate risk.
» Phase 4: Aggressive Penetration — Used only when our clients need to show actual data or system weaknesses:
- Gains access through known weaknesses
- Utilizes the public domain and tools actually used by intruders
- This test is extremely sensitive and requires tight controls identified in the penetration agreement and extensive logging
*Wireless Assessments
Most companies have not kept up with the rapid changes in mobile networks and devices. This provides a prime area for intrusion and requires specific tools and measurements.
**Social Engineering
Social engineering is perhaps the least known of hacker strategies. Key passwords and other information can lead a creative hacker straight into your network. This information can be gathered by asking someone in the company simple questions that appear to come from a trusted source. Those people who think they can’t be fooled are the most vulnerable.
Make Social Engineering part of your defense strategy. We will train executives and employees to identify a social engineer at work and proactively prevent the intrusion.
Contact us for a full overview of these services.