What is a Penetration Test and why would you need one?

August 9, 2020

Penetration testing (pen testing) is a simulated attack against your network, which can include your physical office network, online presence, app or any other system that contains sensitive company data. A pen test checks for exploitable vulnerabilities such as misconfigurations in system settings, out-of-date system software, public-facing data or endpoints that should be private, and much more.

Our talented team of Boston penetration testers offers the following services:

  • External Penetration Testing: This is the first step, where we try to gain access to your network from known external endpoints. This is likely a first step a hacker would use to try to gain access to your data, and even the smallest vulnerability can give them full access.

  • Internal Penetration Testing: After our external test, we put a Mule Force device on your network to simulate a hacker gaining access or a compromised employee navigating the system.

  • Wi-Fi Security: Most people think of hackers sitting in a faraway basement somewhere, but the truth is they could be a nondescript person sitting in your lobby or the office next door cracking your Wi-Fi password. Our team will simulate this type of attack by scanning your network, obtaining your secure key and trying to crack the password to ensure it’s a secure one.

  • Phishing: This is one of the most common forms of entry used by hackers, and the average company has zero protection against it. Phishing is a form of email that mimics a legitimate email from a provider such as Google, Microsoft, etc. and asks you to reset a password or to log in to your account to verify something. This then brings you to a legitimate-looking website where you enter your password, and then the hacker has everything they need. Our team will mimic these attacks and track any successful attempts so you can train your team on how to spot and prevent them.

  • Social Engineering: Right up there with phishing in terms of popularity is social engineering, which is when a hacker tries to trick one of your employees into giving them sensitive information. This can come in the form of “Microsoft” calling to verify something via screen-share, and once you give them access they have full access to your network. Or it could be a “Comcast” representative showing up at your office to check your network, and if you don’t verify they’re a legitimate tech they’ll have access to your server room and nobody will be the wiser. Our team will mimic these attempts to verify that your team is following the procedures set in your policies and validating any requests.

  • Website / Application Assessment: Most people don’t think of their website as a potential threat to their physical network, but a talented hacker can use access they gain to your website to fully compromise your other networks. This includes taking over your email to send legitimate-looking emails from your actual domain, scanning website files and databases to find employee passwords and much more. We will ensure your website is secure by running an initial scan and penetration test and securing it going forward with Mule Force security tools including firewalls, IP whitelisting, real-time backups and much more.

  • Reports, Analysis and Recommendations: Once our team is done with everything, we will provide a final report that you will share with your IT team that includes our analysis, vulnerabilities we found and recommendations for fixing them.

Whether you’re required to run a penetration test to satisfy compliance requirements, are being asked by a vendor or want to ensure your network is safe against attackers, get in touch today to learn more about how we can help.