"VMware technology has played a critical role in helping us modernize our central IT environment. WaziTech is creating a true partnership that isn't just about selling licenses. It's about giving us what we need to be successful in our goals."

Anonymous
Chief Information Officer

"Our virtual server deployment has totally changed thinking within our organization on how to be more agile and deliver IT services more efficiently. That's on top of just making things a whole lot easier."

Ryan
Enterprise Architect

"The business impact of server virtualization was enormous. We reduced downtime to almost zero. Wazi offered us a complete new technology that was specifically tailored to our needs. We believe WaziTech is going to take us to the next level in business continuity."

Steve B
Enterprise Architect

"From the C-level, executive view, it's about dollars and cents and being able to provide service to our end-users as quickly as we can; and Wazi Technical Solutions is going to get us there."

Paul
Chief Information Officer

"We saw VMware and Intel technology as the ideal infrastructure to help grow our business. Without it, we would not have been able to expand as smoothly as we have."

Jonathan
IT Manager

"Many companies underestimate their IT-architecture and end up wasting time and resources on unnecessary hardware. Desktop virtualization based on Citrix software allowed us to use our IT-resources at full capacity and achieve amazing results."

Gary
Executive IT-Director

Security Penetration Testing


What is a penetration test?

A penetration test is a method of evaluating the security of a network by simulating a malicious attack. The process involves an analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration or operational weaknesses in process or technical countermeasures. Any security issues that are found will be presented to the system owner, together with an assessment of their impact and a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit.


Why conduct a penetration test?

From a business and operational perspective, penetration testing helps safeguard an organization against failure, through:

  • Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively.
  • Preventing financial loss through fraudulent actions (hackers, extortionists and disgruntled employees).
  • Preventing lost revenue due to unreliable business systems and processes.
  • Proving due diligence and compliance to your industry regulators, customers and shareholders.
  • Protecting your brand by avoiding loss of consumer confidence and business reputation.


What can be tested?

All parts of an organization can be assessed, including the systems where information is stored, the transmission channels, and the processes that manage the information. Examples of areas that are commonly tested are:

  • Network infrastructure
  • Off-the-shelf products (operating systems, applications, and databases)
  • Telephony (war-dialing, remote access etc.)
  • Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)
  • Personnel (screening process, social engineering etc.)
  • Physical (access controls, dumpster diving etc.)


What is included in an assessment?

While a great deal of technical effort is applied during the testing and analysis, the real value of a penetration test is in the report and debriefing. Ideally, the report and debriefing should be broken into sections, each targeted at its intended audience. Executives need the business risks and possible solutions clearly described in simple terms, while managers need a broad overview of the situation without getting lost in detail. Lastly, technical personnel need a list of vulnerabilities to address, with recommended solutions.


Standards compliance


PCI

The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all members, merchants, and service providers that store, process or transmit cardholder data. In addition to the requirement to comply with this standard, there is a requirement to have that compliance independently verified.


ISACA

ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide, and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor, is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement.


CHECK

The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. In the absence of other standards, CHECK has become the de facto standard for penetration testing in the UK. This is mainly on account of its rigorous certification process. Whilst good, it concentrates only on infrastructure testing and not application testing. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties, and meets the requirements above. If you want a CHECK test, you will need to surrender your penetration testing results to CESG.


OSSTMM

The aim of The Open Source Security Testing Methodology Manual (OSSTMM) is to set forth a standard for Internet security testing. It is intended to form a comprehensive baseline for testing that, if followed, ensures a thorough and comprehensive penetration test has been undertaken. This should enable a client to be certain of the level of technical assessment independently of other organization concerns, such as the corporate profile of the penetration-testing provider.


OWASP

The Open Web Application Security Project (OWASP) is an open source community project developing software tools and knowledge-based documentation that helps people secure web applications and web services. It is an open source reference point for system architects, developers, vendors, consumers and security professionals involved in designing, developing, deploying and testing the security of web applications and web services.

The key areas of relevance are the forthcoming Guide to Testing Security of Web Applications and Web Services and the testing tools under the development projects. The Guide to Building Secure Web Applications not only covers design principles, but is also a useful document for setting out criteria by which to assess vendors and test systems.

Copyright 2006-2011 by Wazi Technical Solutions