Deutsch
English
Français
Newsoptional Pen-Test modules
Risk-Assessment
The technical analysis of vulnerabilities or safety gaps is not meaningful without considering the business conditions. We assess the analysis results on the basis of submited documents (security policy, risk assessment, emergency manuals, etc.) and therefore the significant risks. The goal is to prioritize or to reassess the existent risks, to adapt the documents if necessary, and finally to reduce economic risks.
WLAN Pen-Test
Information Gathering / Fingerprinting
- Identification of active WLANs and systems
- Determination of the active services inclusive version conditions
- Identification of the authentication procedures and coding mechanisms
- Identification of the components in the WLAN (clients, acess points, further network components)
WLAN-Hacking
- Execution of different scans dedicated to attacks „from the outside “[i.e. in this case by WLAN]
- Identification of the authorized WLAN-APs
- Overview of all sought out APs including relevant parameters
- Spatial and if necessary individual allocation of the APs/HotSpots
- Analysis of the log possibilities
- Identification of the used channels and SSIDs as well as if necessary the coding strength
- Analyse if unauthorized persons may reach the wireless segment
- Analyse if other parts of your network may be reached and if sensitive data may be read or be changed
Analysis & evaluation of the transition of the WLAN to the cable-bound net
We analyze vulnerabilities of the network infrastructure and possibilities of damage propagation over the segment.
Seek out, identification and making the inventory of unauthorized WLAN APs/HotSpots (wardriving))
We test on your locations(s) if unauthorized radio networks access to your network through access points (WLAN Aps / Hotspots). This includes:
- Overview of all sought out APs including relevant parameters
- Identification of the authorized WLAN-APs / HotSpots
- Spatial and if necessary individual allocation of the APs/HotSpot
- Examination of the WLAN range
- Analysis of the log possibilities
- Identification of the used channels and SSIDs as well as if necessary the coding strength
- Analyse if unauthorized persons may reach the wireless segment
- Analyse if other parts of your network may be reached and if sensitive data may be read or be changed
Dial-In Test (Wardialing)
First of all, we test if we can locate, at the customer level, some reachable modems or ISDN lines. Secondly, we check if password-based attacks may occur in your environment and finally what kinds of information an attacker can obtain.
VoIP-Test
Vulnerability assessment of the IP telephony protocols, gateways, end devices and softphones and which consequences would have these vulnerabilities:
- Monitoring connections/sniffing
- Denial of service on VoIP components
- Compromising of components which permit wiretapping or an abusive rerouting of telephone calls
- Spoofing i.e. abuse of identity and losing authenticity (telephone bBanking, account fraud)
- SPIT (VoIP Spam)
Denial of Service Attack (DoS)
Effects analysis of sequences/variations attacks in load and their reciprocal effects up on:
- Network infrastructure (e.g. load balancer)
- Server
- Databases
- Applications
Analysis of the systems with different load stages on different attack levels (e.g. with [malformed] HTTP requests, UDP packet, TCP SYN Flooding, ICMP echo Reply )
Google Hacking
In this part, we test if the network structure or the implemented security policies of your infrastructure (for instance configuration datas, support requests in forums or mailing lists)permit unauthorized access to sensitive data in the internet by search engines (google hacking).