Minnesota OnLine: Business & Personal 
Internet Solutions Provider
Business Services Company Info
InfoSecurity Capabilities


Penetration Test and Analysis

A Penetration Test and Analysis performed by Minnesota OnLine will to identify security concerns specific to your network. An attempt is made to penetrate your security defenses using methods similar to that of a real electronic intruder (hacker). In most cases we can and will utilize tools that are downloadable from the Internet in addition the to state-of–the-art tools and procedures.

We look for 'the path of least resistance" to penetrate an organization' network. Examples would be misconfigired systems, easily guessed passwords on systems, or guest accounts on remote access servers. This does not diminish the skill level that our Consultants and Engineers posses.

Our Consultants and Engineers posses a high degree of technical skills and follow a defined methodology when conducting a hacker study. Several our Consultants carry and maintain high-level Security Clearances and have been trained to infiltrate systems and networks. We try to simulate an exact hacker scenario therefore providing a realistic approach to the network security your organization needs to employ.

After attempting to penetrate the security perimeter of your organization, the information obtained will be analyzed to provide recommendations that apply directly to your specific security and network implementations. In addition, a detailed description of the vulnerabilities found and recommendations to address the vulnerabilities will be included in a full report, which could total 50-100 pages.

The following section describes the approach of Minnesota OnLine for a Penetration Test and Analysis:

Scope of Penetration Testing
    Minnesota OnLine will work with your organization to determine the scope of the penetration test, operational requirements, availability of support staff, and "rules of engagement" prior to the start of testing.

    The objective of penetration testing is to demonstrate that exploitable vulnerabilities exist within your network infrastructure, not to demonstrate that your network is free of vulnerabilities.

    It is important to note that Minnesota OnLine staff will not perform illegal activities on systems external or internal to your network during the penetration test. Information obtained will be treated as confidential and proprietary, and release documents and liability forms are covered and signed prior to any penetration test engagement.

Test Methodology
    The methodology for an Internet-based penetration test follows a procedure that duplicates the method an attacker might take when attempting to breach a Company' security perimeter. This procedure starts with gathering information regarding the Company' systems and configurations utilizing various tools and utilities. The information obtained is then used to launch progressively more advanced attacks against the systems.

Security Concerns
    Minnesota OnLine describes in detail all the identified areas of concern, along with recommendations for corrective. Each security concern will be labeled with an indication of the level of risk associated with a particular vulnerability posed to the company' network. Included will be a table listing of the hosts and the potential vulnerabilities found on each one of those hosts.

Summary of Vulnerabilities
    The summary section is a review of the kinds of vulnerabilities found on your organization's systems.

Conclusion
    The conclusion will give your organization a snapshot of the overall security of your network infrastructure. Minnesota OnLine will point out the security concerns that need to be addressed immediately and give specific recommendations regarding how to address these particular vulnerabilities. Minnesota OnLine will also point out good practices that were taken by your organization in protecting your network so as to continue that practice in the future.

Appendices
    These sections contain information gathered from tools and exploits. They may also contain information liberated from servers, like cracked passwords.

Deliverable
    A report, complete with a detailed description of the vulnerabilities found and recommendations to address the vulnerabilities, will be developed. A full could total 50-100 pages. The report will be delivered as a bound hard copy in addition to electronic WordTM compatible format that will be transferred to organization in a secure fashion.


Contact Minnesota OnLine, info@state.net. We can help your organization understand the level of security that is in place, or isn't!

webmaster@state.net     Home
© Copyright 1995-1998, Minnesota OnLine. All rights reserved.