Penetration Testing

Identifying Information Leaks and Security Tools to Plug Them

How difficult—or easy—would it be for malicious actors to penetrate your network?

Penetration testing, also known as pen testing or ethical hacking, is one of the best ways to assess the real-world effectiveness of your technical controls, policies, and procedures. In many cases, it is also a mandatory requirement to meet compliance regulations or industry standards such as the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), and others.

Delta Risk offers a selection of penetration testing services to meet your specific needs and budget, including:

  • Internal Penetration Testing (Internal Assessments)
  • External Penetration Testing (External Assessments)
  • Wireless Penetration Testing (Wireless Network Assessments)

When conducting a pen test, Delta Risk information security experts simulate the thought processes and actions of a malicious external or internal actor to get unauthorized access to systems or to extract sensitive information. Using a flexible methodology, rather than a fixed set of tools, we employ every resource at our disposal to reveal issues that could leave your organization at risk – before a malicious hacker exploits them.

Internal Penetration Testing

Internal penetration testing (also known as internal assessments) applies these techniques to systems, servers, and applications within the boundaries of your internal network, typically within the public-private boundary created by an external-facing firewall. While most organizations initially think of defending their sensitive data and systems from external attacks, many successful attacks against an organization come from within the network boundary, making internal network penetration testing all the more critical. These attacks can take the form of viruses brought in on mobile devices or removable media, an internal employee committing fraud by exceeding their assigned privileges, or a full attack from a malicious visitor (such as a hacker compromising an internal wireless network or a rogue consultant). Internal penetration tests typically include the following systems and services:

  • Switches
  • Routers
  • Directory Servers (Active Directory, LDAP, Novell)
  • Core infrastructure services (DNS, DHCP, WINS)
  • File and Print Sharing Services
  • User Workstations
  • Database Servers
  • Internal Client-Server Applications
  • Internal Web Applications

External Penetration Testing

In today's business environment, protecting information, complying with legal and regulatory requirements, and operating in alignment with commonly accepted security best practices are integral parts of success and service delivery. External penetration testing (also referred to as external assessments) is performed from outside your infrastructure, and is designed to replicate the tools and techniques that malicious hackers would use to compromise your organization. External pen tests typically include the following systems and services:

  • Firewalls
  • External Routers
  • Web Servers
  • Domain Name Servers (DNS)
  • Remote Access (VPNs, SSL VPNs, etc.)
  • Secure Encrypted Connections (site-to-site or B2B VPNs)
  • Email Systems
  • File Transfer Servers

Unless otherwise specified, Delta Risk follows a risk-based approach, attempting to exploit systems that are suspected to contain high-value information as well as any “targets of opportunity” you identify. During testing, it may be sufficient to identify vulnerabilities and use a limited exploit to confirm their existence. However, whether for proof or confirmation, exploits will often be used to gain access and show system weaknesses. Delta Risk follows a “Do No Harm” approach to testing and will not conduct tests or exploits that would purposely take down a system or cause other operational harm to a system or data.

Wireless Penetration Testing

Delta Risk approaches wireless security from three different perspectives:

  1. Signal space – Has anyone placed unauthorized wireless devices within the corporate environment, and from where can a malicious actor connect to your wireless network?
  2. Client-side/Mobile Devices – Are devices connecting to the wireless network secured such that they do not provide an attacker a way to compromise the wireless network?
  3. Infrastructure – Is the wireless infrastructure appropriately secured?

We determine the level of security of your organization’s wireless environment by having skilled penetration testers perform a rogue device detection sweep and attempt to compromise your wireless infrastructure. This approach provides very quantifiable results and can identify weaknesses in any of these areas. Our wireless penetration testing practices (also known as wireless network assessments) leverage a combination of techniques and attacks appropriate to your wireless configuration, as different security scenarios require different attack methodologies. Our testing approach includes wireless node discovery, configuration mapping, and/or cryptographic cracking. As an additional service, Delta Risk can also take a more white-box approach to conduct interviews and performance reviews with the IT staff managing the wireless environment. This full-knowledge approach complements the penetration testing to identify other potential improvements which could further harden the wireless infrastructure (such as network segregation, intrusion detection, and simultaneous connections).

Advantages of Our Multifaceted Approach

Information security follows a continuous cycle of design, deploy, test, and improve. Policies and guidelines, implementation processes and procedures, and testing form the basis for this process. While policies and procedures may be formalized and well-understood, breakdowns in processes or simple human error can lead to unknown vulnerabilities that can only be discovered through testing.

Not all penetration tests are created equal. Many firms that claim to offer pen testing rely on a single automated tool and have little penetration testing experience or knowledge beyond what the tool can do for them (and, just as importantly, what it does not do). Delta Risk employs a multifaceted approach, one that integrates research along with in-depth technical analysis and “manual” testing. Our approach looks at publicly leaked or available information, missing controls, system misconfigurations, and system vulnerabilities just like a malicious hacker would.

Based on your objectives, this multifaceted approach to testing your organization’s security posture can also leverage Delta Risk’s social engineering and physical security testing expertise to create a simulation of complex, real-world “blended” threats. Such tests may be designated as “black-box,” “white-box,” or “crystal-box” depending on how much information you care to share with us prior to the test, or how interactive or adaptive you want the test to be during the execution. We also offer custom solutions such as wireless network and remote access testing, as well as email and telephone “phishing” tests.

Our penetration testing reports are very comprehensive, giving you a clear understanding of the testing methodology; the extent of the work performed; extensive documentation of findings; and prioritized remediation advice.

Is Penetration Testing Right for You?

  • You need an assessment report to meet an annual compliance requirement
  • You need to validate new or updated security controls or appliances
  • You want to know your current threat exposure to Internet-facing assets
  • You want to evaluate your wireless network security and detect unauthorized devices
  • You want to know your current threat exposure to insider threats or compromised users

Service Features

  • Scenario-based assessments
  • Operationally-focused reporting
  • Asset detection and inventory
  • Vulnerability detection and prioritization
  • Actionable remediation recommendations
  • Fully-licensed toolset
  • Impact assessment from insider threat
  • Evidence of intrusion and malware detection scans
  • Support for compliance reporting
  • Measure ability to mitigate data exfiltration