Organizations familiar with security standards such as the Payment Card Industry Data Security Standard (PCI DSS) know that they are required to have an outside entity regularly scan and test the Internet-facing systems and firewalls that protect sensitive cardholder data. The purpose of this testing is to identify basic security issues that could let an intruder gain unauthorized access to sensitive data stored on internal systems. It is a sound requirement, but a scan that finds a major flaw may arrive too late: by the time it is reported, exposed internal systems may already have been compromised and sensitive data exfiltrated.
Further, such testing assumes that attacks arrive only at the organization's perimeter firewall. In practice, many of the intrusions that end in a major breach begin with malware delivered to an internal system through e-mail, a malicious web page, a download or a link, never touching the firewall's inbound rules at all. Most organizations do not spend enough time hardening their internal systems (again, the root cause of most serious compromises), on the false assumption that sitting behind a firewall and other protective mechanisms will always stop such a threat.
The way to minimize the risk that one compromised internal system can be used as a stepping stone to other internal systems is to "harden" them. Hardening is the process of removing or disabling every service and protocol that a system does not require, so that the number of ways it can be reached and attacked (its attack vectors) is as small as possible. The second part of the process is to identify and mitigate all known security vulnerabilities (firmware or software bugs) on the remaining services. Banshee Networks assists clients with both tasks by using sophisticated tools to scan every system on the internal network for unnecessary services and known vulnerabilities. Once the scan is complete, we compile a list of identified items for the client to review, and we can also assist in correcting any issues that are found.
However, we go one step further: the tools we use can run non-destructive exploits against the vulnerabilities that are found, so that the true extent of each issue and its associated risk can be definitively ascertained. This sometimes leads to "domino discovery", where exploiting one vulnerability exposes another. For example, most testing ends at the finding that a system accepts a remote access request and presents a logon prompt to an unauthorized user. With our testing, the exploit phase might then run a brute-force password attack against that logon prompt (within the agreed rules of engagement, and mindful of account lockout policies) and find that the administrative account uses a default or trivially guessable password, which would allow the system to be compromised with ease.
It is recommended that organizations that handle sensitive data, or that fall under the requirements of any regulation or security standard, have an internal penetration test performed on a regular basis. This helps ensure that if the network perimeter is breached, the exposure of internal systems and the resulting damage are kept to a minimum. Banshee Networks can assist clients in assessing the effectiveness of their system security by performing advanced penetration testing against both internal and external systems.