Penetration Test and Analysis
A Penetration Test and Analysis performed by Minnesota OnLine will
identify security concerns specific to your network. An attempt is made to
penetrate your security defenses using methods similar to those of a real
electronic intruder (hacker). In most cases we can and will utilize tools
that are downloadable from the Internet in addition to state-of-the-art
tools and procedures.
We look for "the path of least resistance" to penetrate an organization's
network. Examples would be misconfigured systems, easily guessed passwords
on systems, or guest accounts on remote access servers. This does not
diminish the skill level that our Consultants and Engineers possess.
Our Consultants and Engineers possess a high degree of technical skill and
follow a defined methodology when conducting a hacker study. Several of our
Consultants carry and maintain high-level Security Clearances and have been
trained to infiltrate systems and networks. We try to simulate an exact
hacker scenario, thereby providing a realistic approach to the network
security your organization needs to employ.
After attempting to penetrate the security perimeter of your organization,
the information obtained will be analyzed to provide recommendations that
apply directly to your specific security and network implementations. In
addition, a detailed description of the vulnerabilities found and
recommendations to address the vulnerabilities will be included in a full
report, which could total 50-100 pages.
The following section describes the approach of Minnesota OnLine for a
Penetration Test and Analysis:
Scope of Penetration Testing
Minnesota OnLine will work with your organization to determine the scope of
the penetration test, operational requirements, availability of support
staff, and "rules of engagement" prior to the start of testing.
The objective of penetration testing is to demonstrate that exploitable
vulnerabilities exist within your network infrastructure, not to
demonstrate that your network is free of vulnerabilities.
It is important to note that Minnesota OnLine staff will not perform
illegal activities on systems external or internal to your network during
the penetration test. Information obtained will be treated as confidential
and proprietary, and release documents and liability forms are covered and
signed prior to any penetration test engagement.
Test Methodology
The methodology for an Internet-based penetration test follows a procedure
that duplicates the method an attacker might take when attempting to breach
a Company's security perimeter. This procedure starts with gathering
information regarding the Company's systems and configurations utilizing
various tools and utilities. The information obtained is then used to
launch progressively more advanced attacks against the systems.
Security Concerns
Minnesota OnLine describes in detail all the identified areas of concern,
along with recommendations for corrective action. Each security concern will be
labeled with an indication of the level of risk associated with a
particular vulnerability posed to the company's network. Included will be a
table listing of the hosts and the potential vulnerabilities found on each
one of those hosts.
Summary of Vulnerabilities
The summary section is a review of the kinds of vulnerabilities found on
your organization's systems.
Conclusion
The conclusion will give your organization a snapshot of the overall
security of your network infrastructure. Minnesota OnLine will point out
the security concerns that need to be addressed immediately and give
specific recommendations regarding how to address these particular
vulnerabilities. Minnesota OnLine will also point out good practices that
were taken by your organization in protecting your network so as to
continue that practice in the future.
Appendices
These sections contain information gathered from tools and exploits. They
may also contain information liberated from servers, like cracked
passwords.
Deliverable
A report, complete with a detailed description of the vulnerabilities found
and recommendations to address the vulnerabilities, will be developed. A
full report could total 50-100 pages. The report will be delivered as a bound
hard copy in addition to an electronic Word™ compatible format that will be
transferred to your organization in a secure fashion.
Contact Minnesota OnLine, info@state.net.
We can help your organization
understand the level of security that is in place, or isn't!