
Penetration Testing

You may be wondering just what is involved in penetration testing. Quite simply, you give us permission to hack into your systems, but instead of doing so to wreak havoc, we do so to help protect you. As “white hat” Ethical Hackers, we use the exact same software, tools, tricks, tactics and schemes as “black hat” hackers, literally fighting fire with fire, to find all the weaknesses and vulnerabilities in your network, computers, servers, and other systems that you’re not aware of. Once we’re done, we present you with a comprehensive set of reports on our findings, as well as step-by-step recommendations on how to fix these weaknesses so that you’re better prepared against hackers and other ne’er-do-wells.

And before you think this is a quick 10-minute process, let me stop you right there. Unlike what you may see on CSI or NCIS, we can’t just press three buttons on the keyboard and get in; it doesn’t work that way. The entire process takes about a month, and while several parts of this testing are designed to be invisible to your company, it requires many steps performed at random times over several weeks. You also may be thinking, “Why can’t we just have our own IT guys do this?” Because, quite simply, this is a conflict of interest. You can’t have the same people who set up the equipment test it for weaknesses. They may overlook (either by accident or on purpose) weaknesses that may easily allow hackers to gain access and have their way with your computers, data, or whatever else they want. Plus, it has to be performed by those who are qualified to do so, and only a very small percentage of IT personnel are qualified in penetration testing and cybersecurity.

Among other tasks, we perform an External Penetration Test and an Internal Penetration Test, run social engineering tests on your staff, and interview random members of your staff about the company’s existing computer policies. The reports we generate are quite comprehensive, and we leave no stone unturned. We check computers for everything from when a person has logged in, how long they were logged in, and when they last changed their password, to whether they have, shall we say, “personal” files that may violate company policy. We even check your printers, since they’re a favorite target of hackers to infect with malware. For hospitals and medical clinics, we check for HIPAA compliance, and for those in retail, or who use credit card terminals heavily or otherwise accept a lot of credit card transactions, we also check PCI compliance. All reports include step-by-step instructions to remediate each vulnerability or area of concern found during the course of the Penetration Test. We will also schedule a meeting with your company’s management and IT staff to ensure they understand the reports and any findings we discover, as well as the most critical vulnerabilities.

 

Here’s what we do:

  • External Penetration Test
    • Tests your outward internet connection to see if there are any open ports or vulnerable ports that can easily allow a hacker entry
  • Internal Penetration Test
    • What devices are connected to the network
    • Wireless network security
    • User accounts (including when they last logged in, to which computers, what access they have to network files, their password strength, when they last changed their password)
    • Company password policy
    • Domain Controller Security
    • Server security
    • Group Policy objects
    • Security groups
    • Server checks
      • Check of DHCP, Hyper-V & VMWare, Web server, Time server, Exchange and SQL Servers
      • Checks OS versions and security/access
    • Printers
    • Whether computers and servers are patched regularly
      • If not, what patches are missing, so that they can be installed immediately to help secure them
    • Network file shares
    • Speed test of Internet connection
    • HIPAA Compliance (for businesses that deal in medical information and/or PHI)
    • PCI Compliance
  • Social Engineering
    • Sending phishing and spearphishing email(s) to random staff to see whether they check such emails and whether they click on any links in them, provide PII, allow unauthorized access, etc.
    • Performing vishing, in which a call is placed to a random staff member stating there is an IT concern and that the staff member’s help is needed, then walking them through changing proxy or other settings on their PC
    • Coming in person to shoulder surf to check whether passwords, PII, PHI or sensitive financial information is within easy eyesight on their desk or in the office
  • Staff interview
    • Questions regarding the password policy, how often they change their password, whether they lock their computers or reboot them, locking computers when they leave their desk/office, allowing others to use their credentials or system while they are logged in, etc.

 

What you will receive

  • Full Detail Report
  • Network Assessment
  • Site Diagram
  • Asset Detail Report
  • Full Detail Change Report
  • Security Risk Report
  • Security Management Plan
  • Computer Security Report Card
  • Anomalous Login Report
  • External Vulnerability Detail Report
  • Outbound Security Report
  • Security Policy Assessment Report
  • Share Permission Report
  • User Behavior Analysis Report
  • Login History Report
  • Login Failure Report
  • Data Breach Liability Report
  • Client Risk Report
  • Exchange Risk Report
  • Exchange Management Plan
  • Exchange Assessment
  • Exchange Traffic & User Report
  • Exchange Mailbox User and Distribution Lists Reports
  • Exchange Mobile Device Report
  • SQL Routine Health Report
  • SQL Server Detail Report
  • Database Detail Report
  • Maintenance Plan Report
  • SQL Server Agent Jobs Report

For those who are in the medical field, you will receive the following reports in addition to the ones already listed:

  • HIPAA Policies & Procedures Report
  • HIPAA Risk Analysis
  • HIPAA Risk Profile
  • HIPAA Management Plan
  • Evidence of HIPAA Compliance
  • HIPAA On-Site Survey
  • Disk Encryption Report
  • File Scan Report
  • User ID Worksheet
  • Computer ID Worksheet
  • Network Share ID Worksheet
  • HIPAA Supporting Worksheets

For companies that accept credit card transactions on site with physical equipment provided by a vendor, you are also required to be PCI compliant, in which case you will also receive the following reports:

  • PCI Policies & Procedures Document
  • PCI Risk Analysis Report
  • PCI Management Plan
  • Evidence of PCI Compliance
  • Cardholder Data Environment Worksheet
  • Necessary Functions Worksheet
  • Antivirus Capabilities Identifications Worksheet
  • PAN Scan Verification Worksheet
  • Compensating Controls Worksheet
  • PCI Layer 2/3 Diagram
  • ASV Certified Reports