Network Penetration Testing

OVERVIEW

Network management of any organisation is one of the easiest target for attacks. Wireless Networks are highly vulnerable to attacks like MiTM, DoS, De-Authentication attacks. Apart from such threats, network is also vulnerable to DoS attacks, Malware Attacks, Snooping and Man-in-the Middle attacks.

Kratikal offers Vulnerability Assessment and Penetration Testing services for Network to find critical vulnerabilities in the routers, switches and other network elements. We adhere to international standards like OWASP, OSSTMM and SANS to perform in-depth assessment of your servers.


ADVANTAGES

Proactive reporting of critical vulnerabilities affecting network security.

Prevent device level threats, network snooping and malware attacks.

Prevent unauthorised access to the network, unaffordable downtimes and disruption of business due to DoS attacks.

Suggestions on best practices of endpoint security, firewall updates, access management and perimeter security.


HOW IT WORKS

We follow universal testing standards like OWASP, OSSTMM and SANS for comprehensive security assessments.


Information Gathering:
In this stage we perform detailed reconnaissance about the network, its architecture, firewall configurations and other related intelligence. Automated scanners are used to simulate black-box testing environment.

Planning and Analysis:
Based on the information collected in the previous stage, we analyse the possible attack points and devise a full scale “Red Team” approach to mimic real time attacks. To minimise impact of day-to-day activities of the IT asset, we plan the attack, either on dummy environment or during times of lowest network activity (lowest traffic).

Vulnerability Assessment:
In this stage, we run vulnerability scanners to look for possible vulnerabilities and common vulnerabilities related to the platform, services, open ports, obsolete firmware builds, unauthenticated devices etc.

Penetration Testing:
Here we run exploits on the network to evaluate its security. We use custom scripts, open source exploits, in-house tools and third-party exploit frameworks to achieve high degree of penetration. For every network device, we conduct dedicated security assessments to find vulnerabilities and launch the attack.

Reporting:
We generate concise and succinct reports of the vulnerabilities discovered along with discussion on the nature of vulnerability, its impact, threat level and recommendation to remove the vulnerability.

Discussion:
Our technical experts discuss the report, along with the bugs found, and their impact scenario with the development team of the client. Comprehensive discussions are carried out on how to remove the vulnerabilities and improve network security. We also suggest best practices on how to implement network resilience: device level security, rogue device detection, endpoint and perimeter security.