Penetration Testing

The GDS penetration testing methodology is designed for assessing high-risk targets such as Internet facing infrastructure and business critical systems. Selected client systems are evaluated and compromised in efforts to gain access to sensitive company resources and data. These activities simulate those of a motivated individual or organization focused on obtaining unauthorized access to confidential and proprietary intellectual property and/or customer data.

Approach

Each of the following testing options can be included or customized to meet specific security goals and requirements.

Blind Network Reconnaissance

Minimal company and network infrastructure information is provided to GDS prior to start of the engagement. The blind reconnaissance approach leverages publicly available information sources to discover the target networks, and is useful in determining the level of information available to company outsiders.

Full-Disclosure Reconnaissance

All network ranges and IP addresses are provided to GDS before testing begins. This assumes that an attacker will ultimately discover all of the company's network ranges and therefore maximizes time spent on vulnerability identification and exploitation.

Stealth Network Testing

Designed to assess perimeter networks while evading detection via intrusion detection systems and/or network administrators.

Compromise Simulation

Root or administrator-level access is granted to GDS security engineers on a perimeter server(s) to gauge the exposure of internal or protected resources in the event that a perimeter host is compromised with a "zero-day" vulnerability.

Deliverables

GDS delivers a detailed and comprehensive report at the conclusion of each security assessment. All GDS reports are highly customizable depending on requested reporting requirements and typically include an executive summary, detailed technical findings and recommendations, and illustrative walkthroughs of all exploitation steps performed.

Related Services

If you would like to learn more about having GDS conduct a penetration test against your network, please email us for more information, or call your nearest GDS office.