Penetration Test and Analysis
A Penetration Test and Analysis performed by Minnesota OnLine will to
identify security concerns specific to your network. An attempt is made to
penetrate your security defenses using methods similar to that of a real
electronic intruder (hacker). In most cases we can and will utilize tools
that are downloadable from the Internet in addition the to state-of–the-art
tools and procedures.
We look for 'the path of least resistance" to penetrate an organization'
network. Examples would be misconfigired systems, easily guessed passwords
on systems, or guest accounts on remote access servers. This does not
diminish the skill level that our Consultants and Engineers posses.
Our Consultants and Engineers posses a high degree of technical skills and
follow a defined methodology when conducting a hacker study. Several our
Consultants carry and maintain high-level Security Clearances and have been
trained to infiltrate systems and networks. We try to simulate an exact
hacker scenario therefore providing a realistic approach to the network
security your organization needs to employ.
After attempting to penetrate the security perimeter of your organization,
the information obtained will be analyzed to provide recommendations that
apply directly to your specific security and network implementations. In
addition, a detailed description of the vulnerabilities found and
recommendations to address the vulnerabilities will be included in a full
report, which could total 50-100 pages.
The following section describes the approach of Minnesota OnLine for a
Penetration Test and Analysis:
Scope of Penetration Testing
Minnesota OnLine will work with your organization to determine the scope of
the penetration test, operational requirements, availability of support
staff, and "rules of engagement" prior to the start of testing.
The objective of penetration testing is to demonstrate that exploitable
vulnerabilities exist within your network infrastructure, not to
demonstrate that your network is free of vulnerabilities.
It is important to note that Minnesota OnLine staff will not perform
illegal activities on systems external or internal to your network during
the penetration test. Information obtained will be treated as confidential
and proprietary, and release documents and liability forms are covered and
signed prior to any penetration test engagement.
The methodology for an Internet-based penetration test follows a procedure
that duplicates the method an attacker might take when attempting to breach
a Company' security perimeter. This procedure starts with gathering
information regarding the Company' systems and configurations utilizing
various tools and utilities. The information obtained is then used to
launch progressively more advanced attacks against the systems.
Minnesota OnLine describes in detail all the identified areas of concern,
along with recommendations for corrective. Each security concern will be
labeled with an indication of the level of risk associated with a
particular vulnerability posed to the company' network. Included will be a
table listing of the hosts and the potential vulnerabilities found on each
one of those hosts.
Summary of Vulnerabilities
The summary section is a review of the kinds of vulnerabilities found on
your organization's systems.
The conclusion will give your organization a snapshot of the overall
security of your network infrastructure. Minnesota OnLine will point out
the security concerns that need to be addressed immediately and give
specific recommendations regarding how to address these particular
vulnerabilities. Minnesota OnLine will also point out good practices that
were taken by your organization in protecting your network so as to
continue that practice in the future.
These sections contain information gathered from tools and exploits. They
may also contain information liberated from servers, like cracked
A report, complete with a detailed description of the vulnerabilities found
and recommendations to address the vulnerabilities, will be developed. A
full could total 50-100 pages. The report will be delivered as a bound
hard copy in addition to electronic WordTM compatible format that will be
transferred to organization in a secure fashion.
Contact Minnesota OnLine, firstname.lastname@example.org.
We can help your organization
understand the level of security that is in place, or isn't!