Penetration Testing and Audits
When the word audit is heard, usually the first thing that forms in a person’s mind is some threatening accountant standing over you as they look at your financials reminding you how irresponsible you are and that you deserve every bad thing that is coming to you. The audit I refer to is nothing like that. Our audit is meant to uncover what is going on in your network and to help you understand how to make things better. You cannot defend what you cannot see, you cannot protect what you do not understand.
A penetration test is not as menacing as it may sound. Usually this is done before a security audit. A penetration test allows us to presume the role of an external or internal threat actor. What this means is that we act as the hacker. It allows you to discover where are your weak points and more importantly how do we strengthen them. We enter quietly without anyone save for you the business owner knowing what is going on. There are two levels of penetration testing that we perform, internal and external.
The external test involves attempting to enter your network from the outside, we do not tell you how we do this, we only ensure that your environment is not harmed. Using stealth and subterfuge we enter externally and then document as we go so you are aware of any holes or issues. The purpose of an external penetration test is to identify how a person external to your business would be able to go in and infiltrate your system.
An internal penetration test pretty much works the same way. Using stealth and subterfuge we place ourselves in your system. The knowledge of our presence only stays with you the business owner. While sitting on the network we probe your systems for all weak points emphasizing not only on intrusion, but also basic system administration issues such as user permissions. An example, we discover that a file clerk has access to your accounts receivables, this would be something otherwise unknown to you.
An audit is a separate beast unto itself. We would enter your office and literally audit all technology as well as how your infrastructure operates. A complete analysis is made in which not only do we detail the problems you have technically, but we advise on how to make things better as well as more efficient. An audit need not be just about your security. We take technology seriously, so we will also advise you on how to be more efficient in day to day operations. Everything from your applications to your website talking to your office. The audit is a window into a better level of efficiency. You will also be pleasantly surprised, such software and implementation is not as expensive as you may think.
As a well thought out company that likes to cover all basis we recommend all three. Take the penetration test both external and internal map out all issues. At which we then do a full audit of the technical infrastructure where the strengths and weaknesses are documented, and a plan of action is constructed. This way the system is treated in a modular manner that when done you have a fully efficient working network that is locked down but productive at an optimal level. Considering it cost the same, I would ask you – why not. Wouldn’t you like to know what is going on in your business?